I successfully tested your attached patch with the latest 1.0.2 branch. The DH temp key now has the bit length of the used RSA key, regardless of SSLCertificate[Key]File order.
Thank you, Kaspar.

On Sat, Apr 19, 2014 at 9:11 AM, Kaspar Brand <httpd-dev.2...@velox.ch> wrote:
> On 19.04.2014 09:00, Falco Schwarz wrote:
>> that OpenSSL actually returns the private key used by the connection.
>
> I just noticed [1], so you might want to try the attached (but untested)
> patch with 1.0.2-beta1 at least (beware of CVE-2014-0160 though, later
> versions preferred).
>
> Kaspar
>
> [1]
> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=58b86e4235cd420f607819727d372af9f7a80224