This bug was fixed in the package apache2 - 2.2.22-1ubuntu1.9 --------------- apache2 (2.2.22-1ubuntu1.9) precise-security; urgency=medium
* SECURITY IMPROVEMENT: add support for ECC keys and ECDH ciphers (LP: #1197884) - debian/patches/ecc_support.patch: add support to modules/ssl/mod_ssl.c, modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c, modules/ssl/ssl_private.h, modules/ssl/ssl_toolkit_compat.h, modules/ssl/ssl_util.c, * SECURITY IMPROVEMENT: add TLSv1.x options to SSLProtocol (LP: #1400473) - debian/patches/tls_options.patch: allow specifying later TLSv1.x options in modules/ssl/mod_ssl.c, modules/ssl/ssl_engine_config.c, modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c, modules/ssl/ssl_private.h. * SECURITY IMPROVEMENT: improve ephemeral key handling, including allowing DH parameters to be loaded from SSLCertificateFile and disabling EXPORT ciphers. - debian/patches/ephemeral_key_handling.patch: numerous improvements to modules/ssl/mod_ssl.c, modules/ssl/ssl_engine_config.c, modules/ssl/ssl_engine_dh.c, modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c, modules/ssl/ssl_private.h, modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 28 May 2015 12:26:50 -0400 ** Changed in: apache2 (Ubuntu Precise) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1197884 Title: apache2.2 SSL has no forward-secrecy: need ECDHE keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs