If you're running 2.7
./configure --help
Should show the --with-dh option

I believe 2048 is the default (as it indicates) but it should be reflected in the Makefile. Makefile.in has it around line 75
-DC_DH_LEN=\"@C_DH_LEN@\"

And after the build you should have a dh2048.h file

------
Joe

On 3/8/16, 4:08 PM, "Pound" <po...@webstyle.ch> wrote:

>On 08.03.16, 17:08, Joe Gooch wrote:
>> Based on the cipher string you've provided, I see the ciphers you're looking
>> for in openssl ciphers -v output.
>>
>> Have you selected an ECDH Curve? Do you see any ECDH ciphers in the list?
>>
>> Also review
>> http://www.apsis.ch/pound/pound_list/archive/2014/2014-10/1414097953000
>>
>>
>> Specifically you need (globally)
>> ECDHCurve prime256v1
>>
>> And in your listeners:
>> Disable SSLv3
>> SSLAllowClientRenegotiation 0
>> SSLHonorCipherOrder 1
>>
>> Ciphers
>> "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:-3DES:!MD5:!EXP:!PSK:!SRP:!DSS:3DES"
>>
>>
>> (or your ciphers line, whichever)
>
>Thank you for this info. However:
>
>> Ensure that DH_LEN=2048 in your makefile
>
>How can I tell? I'm using the FreeBSD-Port:
>https://svnweb.freebsd.org/ports/head/www/pound
>Can I just add this to the rest of the port options, if necessary?
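
One way to script the check described in the reply (Makefile value plus the generated dh header), as an added example that is not part of the original thread or of Pound itself. It assumes the configured Makefile carries the substituted form of the quoted Makefile.in line, e.g. -DC_DH_LEN=\"2048\"; the function name and the demo tree are hypothetical.

```shell
#!/bin/sh
# Report which DH parameter length a configured/built Pound source tree uses.
# Assumption: ./configure has turned @C_DH_LEN@ into digits in the Makefile.

check_pound_dh() {
    tree=$1
    min=${2:-2048}            # smallest acceptable length, default 2048
    mk="$tree/Makefile"

    [ -f "$mk" ] || { echo "no Makefile in $tree (run ./configure first)"; return 2; }

    # Take the digits after C_DH_LEN=, skipping the escaped quotes around them.
    len=$(sed -n 's/.*-DC_DH_LEN=[\\"]*\([0-9][0-9]*\).*/\1/p' "$mk" | head -n 1)

    if [ -z "$len" ]; then
        # Also covers a Makefile that still holds the literal @C_DH_LEN@.
        echo "C_DH_LEN not set in $mk"
        return 2
    fi
    if [ "$len" -lt "$min" ]; then
        echo "DH length $len is below $min; reconfigure using the --with-dh option"
        return 1
    fi
    if [ ! -f "$tree/dh$len.h" ]; then
        echo "C_DH_LEN=$len but dh$len.h is missing (tree not built yet?)"
        return 3
    fi
    echo "DH length $len, dh$len.h present"
    return 0
}

# Constructed demo tree (not a real Pound checkout).
demo=$(mktemp -d)
printf 'CFLAGS=-DC_DH_LEN=\\"2048\\" -Wall\n' > "$demo/Makefile"
: > "$demo/dh2048.h"
check_pound_dh "$demo"
rm -rf "$demo"
```

For a ports build, point the function at the directory where the port extracted and built the Pound sources.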