[Bug 1197884] Re: apache2.2 SSL has no forward-secrecy: need ECDHE keys

2015-05-25 Thread Andreas Tauscher
I did not want to wait until this is fixed for apache 2.22 in Ubuntu
12.04.

So I took mod_ssl from apache 2.2.29 which supports ECDH.
Additionally, I removed the 512 and 1024 bit DH parameters from ssl_engine_dh.c 
and replaced them with 2048 and 3072 bit.
Two DH keys are not needed because libssl in 12.04 never asks for more than 
1024 bit, so always 3072 are returned. But I realised this afterwards.

You can download my modified mod_ssl from 
http://download.ict-pros.co.tz/mod_ssl-apache2.22.tar.bz2
Short instructions:
apt-get source apache2
apt-get build-dep apache2
Replace modules/ssl with the modified version.
Run perl ./ssl_engine_dh.c within modules/ssl to generate your own DH 
parameters.
Build the package. After updates mod_ssl.so will be overwritten, so you have to 
copy your compiled version from debian/apache2.2-bin/usr/lib/apache2/modules/ 
to /usr/lib/apache2/modules/ and restart apache.

Andreas


** Attachment added: mod_ssl from apache 2.2.29 with 2038 and 3072 bit DH parameters
   https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+attachment/4404368/+files/mod_ssl-apache2.22.tar.bz2

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1197884

Title:
  apache2.2 SSL has no forward-secrecy: need ECDHE keys

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
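
One way to check the result of the rebuild described in the message above, as an added example that is not part of the original post or of the Apache or Ubuntu projects: it classifies the key exchange reported by `openssl s_client`. The function names, the sample transcripts and the choice to treat anything below the post's 2048 bit as weak are assumptions made here.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Classifies the key exchange reported by `openssl s_client` (the client needs
# OpenSSL 1.0.2 or later, which prints a "Server Temp Key" line).

# Read an s_client transcript on stdin and print one verdict line.
classify_kex() {
    awk '
        /Server Temp Key:/ {
            # Forms: "DH, 1024 bits" or "ECDH, P-256, 256 bits"
            sub(/^.*Server Temp Key: */, "")
            n = split($0, f, /, */)
            kind = f[1]
            bits = f[n]
            sub(/ bits.*$/, "", bits)
            found = 1
        }
        END {
            if (!found) { print "NO-FS: no ephemeral key in handshake"; exit }
            if (kind == "DH" && bits + 0 < 2048) { print "WEAK-DHE: " bits " bit DH parameters"; exit }
            if (kind == "DH") { print "OK-DHE: " bits " bit DH parameters"; exit }
            print "OK-ECDHE: " kind " " bits " bit"
        }'
}

# Probe a live server with one cipher family forced (TLS 1.2 and below).
# usage: probe HOST PORT EDH     or     probe HOST PORT EECDH
probe() {
    echo | openssl s_client -connect "$1:$2" -cipher "$3" 2>/dev/null | classify_kex
}

# Constructed transcripts (not captured from a real host).
STOCK='Server Temp Key: DH, 1024 bits'
REBUILT_DHE='Server Temp Key: DH, 3072 bits'
REBUILT_ECDHE='Server Temp Key: ECDH, P-256, 256 bits'
STATIC_RSA='New, TLSv1/SSLv3, Cipher is AES256-SHA'

# Classify one transcript held in a variable.
verdict() { printf '%s\n' "$1" | classify_kex; }
```

A connection that fails outright also yields NO-FS, so confirm the handshake completed before trusting that verdict.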


[Bug 270899] Re: /etc/init.d/apache2 restart fails on busy webservers

2010-06-10 Thread Andreas Tauscher
Is it fixed or back again?
On 6th of June Apache stopped after logrotating.
Reproducibly, this happened when using graceful for reloading.

Installed Software:
Lucid 32Bit
apache2.2_2.2.14-5ubuntu8

The strange thing is that it happens only on one server. I compared it with
other servers having the exact same setup: no difference, except that on
this server there are SSL-VHosts. But even with them disabled: apache2ctl graceful
and apache hangs / the tasks are not stopping.

For now I have no idea what I can check.

-- 
/etc/init.d/apache2 restart fails on busy webservers
https://bugs.launchpad.net/bugs/270899
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
