Winni Neessen grb8: Untitled snippet

Updated by Winni Neessen

File 1_README.txt Modified

 
 Done.
 
+## Update 2015-05-20 21:33:
 ## If you are using FreeBSD, there is also a patch for the /usr/ports/www/apache22
 ## Makefile, that will take care of the patching process. Not nice, but it works.
 
Updated by Winni Neessen

File 1_README.txt Modified

 Done.
 
 ## If you are using FreeBSD, there is also a patch for the /usr/ports/www/apache22
-## Makefile, that will take care of the patching process. Not nice, but it works.
+## Makefile, that will take care of the patching process. Not nice, but it works.
+
+## Update 2015-05-21 16:21:
+## Ben Rubson <ben.rubson@gmail.com> suggested to use 4096 bit instead of 3072
+## Updated patch by him, can be found here: http://pastebin.com/5gEW4hz9
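
Review bot: The updated 4096-bit patch is only reachable through the plain-http pastebin link in the last added line, so readers fetch a patch for TLS key-exchange code from a location that is neither versioned with this snippet nor integrity-protected. Attach the updated patch as a file in the snippet, as is done for ssl_engine_dh_c.patch, and link to that instead. The README header still says 2048/3072bit and expects "Server Temp Key: DH, 3072 bits"; state which sizes each patch produces so the verification step matches the patch that was applied.
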
Updated by Winni Neessen

File 1_README.txt Added

+## Workaround to change default 512/1024bit DH parameters in Apache 2.2 to 2048/3072bit
+##
+## This has been tested with Apache httpd-2.2.29 and checked via OpenSSL 1.0.2's s_client
+## => openssl s_client -connect some.host.com:443 -tls1 -msg
+## ===> Server Temp Key: DH, 3072 bits
+##
+## No waranty is given, that this workaround really fixes the issue
+
+1.  Download latest Apache 2.2 sources (2.2.29)
+2.  Change into the sources directory
+    cd httpd-2.2.29
+3.  Apply the attached patch:
+    patch -p0 < ssl_engine_dh_c.patch
+4.  Change directory to "modules/ssl"
+    cd modules/ssl/
+5.  Regenerate the DH params in ssl_engine_dh.c using the (modified) embedded perl script
+    perl ssl_engine_dh.c
+6.  Wait...
+7.  If successfully done, change back to the root of the Apache sources
+    cd ../..
+8.  (Re-)compile Apache
+9.  Install the newly compiled Apache
+10. Restart Apache
+
+Done.
+
+## If you are using FreeBSD, there is also a patch for the /usr/ports/www/apache22
+## Makefile, that will take care of the patching process. Not nice, but it works.
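
Review bot: The verification command in the header (openssl s_client -connect ... -tls1 -msg) only proves the change if the handshake actually negotiates a DHE cipher suite; with any other key exchange the "Server Temp Key" line reports something else or is missing. Restrict the offered suites to DHE with s_client's -cipher option, and give the expected output for both new sizes, since the header promises 2048/3072bit but only the 3072 result is shown. Steps 8 to 10 carry no commands, unlike steps 2 to 5; add them or say they follow the normal build and install procedure.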

File README.txt Deleted

-## Workaround to change default 512/1024bit DH parameters in Apache 2.2 to 2048/3072bit
-##
-## This has been tested with Apache httpd-2.2.29 and checked via OpenSSL 1.0.2's s_client
-## => openssl s_client -connect some.host.com:443 -tls1 -msg
-## ===> Server Temp Key: DH, 3072 bits
-##
-## No waranty is given, that this workaround really fixes the issue
-
-1.  Download latest Apache 2.2 sources (2.2.29)
-2.  Change into the sources directory
-    cd httpd-2.2.29
-3.  Apply the attached patch:
-    patch -p0 < ssl_engine_dh_c.patch
-4.  Change directory to "modules/ssl"
-    cd modules/ssl/
-5.  Regenerate the DH params in ssl_engine_dh.c using the (modified) embedded perl script
-    perl ssl_engine_dh.c
-6.  Wait...
-7.  If successfully done, change back to the root of the Apache sources
-    cd ../..
-8.  (Re-)compile Apache
-9.  Install the newly compiled Apache
-10. Restart Apache
-
-Done.
-
-## If you are using FreeBSD, there is also a patch for the /usr/ports/www/apache22
-## Makefile, that will take care of the patching process. Not nice, but it works.
Updated by Winni Neessen

File Makefile.patch Added

+--- /var/tmp/Makefile   2015-05-20 21:33:49.000000000 +0200
++++ /usr/jails/basejail/usr/ports/www/apache22/Makefile 2015-05-20 21:13:17.000000000 +0200
+@@ -134,2 +134,6 @@
+        @${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' \) -delete
++# patch the dh params
++       @/usr/local/bin/curl -o /var/tmp/ssl_engine_dh_c.patch https://bitbucket.org/api/2.0/snippets/wneessen/grb8/0149fefa6cb22ef4d967433da49a60057599b67c/files/ssl_engine_dh_c.patch
++       @cd ${WRKSRC} && /usr/bin/patch -p0 </var/tmp/ssl_engine_dh_c.patch
++       @cd ${WRKSRC}/modules/ssl && ${PERL} ssl_engine_dh.c
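
Review bot: The added curl line downloads ssl_engine_dh_c.patch at build time into the fixed path /var/tmp/ssl_engine_dh_c.patch, and the next line applies it with no checksum check, so whatever ends up in that file is patched into mod_ssl and then executed through ${PERL}. The URL is pinned to a revision hash, which helps, but curl is called without -f, so an HTTP error body would be saved and handed to patch, and /var/tmp is a shared directory where the file name is predictable. Ship the patch in the port's files/ directory, or download into ${WRKDIR} and verify a recorded SHA-256 before applying it. /usr/local/bin/curl is also hardcoded without a declared build dependency.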

File README.txt Modified

 9.  Install the newly compiled Apache
 10. Restart Apache
 
-Done.
+Done.
+
+## If you are using FreeBSD, there is also a patch for the /usr/ports/www/apache22
+## Makefile, that will take care of the patching process. Not nice, but it works.
Updated by Winni Neessen

File README.txt Modified

 ## Workaround to change default 512/1024bit DH parameters in Apache 2.2 to 2048/3072bit
+##
+## This has been tested with Apache httpd-2.2.29 and checked via OpenSSL 1.0.2's s_client
+## => openssl s_client -connect some.host.com:443 -tls1 -msg
+## ===> Server Temp Key: DH, 3072 bits
+##
+## No waranty is given, that this workaround really fixes the issue
 
 1.  Download latest Apache 2.2 sources (2.2.29)
 2.  Change into the sources directory