On Sun, Mar 13, 2022 at 3:55 PM Walter Hop <apa...@spam.lifeforms.nl> wrote: > > On my old setup, this was DH 2048, which is considered “insufficient” > according to internet.nl. I have tried the following things: > > 1) use a 4096 bit RSA key and get a new certificate > 2) generate DH params with: openssl dhparam -out /etc/apache2/dhparam.pem 4096 > 3) in my configuration, added: SSLOpenSSLConfCmd DHParameters > "/etc/apache2/dhparam.pem”
Step 3) does not work anymore with latest openssl versions, the only way to configure custom dhparams in httpd is to append them to the certificate file (see https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile). Regards; Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
