## Workaround to change default 512/1024bit DH parameters in Apache 2.2 to 2048/3072bit
##
## This has been tested with Apache httpd-2.2.29 and checked via OpenSSL 1.0.2's s_client
## => openssl s_client -connect some.host.com:443 -tls1 -msg
## ===> Server Temp Key: DH, 3072 bits
##
## No warranty is given that this workaround really fixes the issue
1. Download latest Apache 2.2 sources (2.2.29)
2. Change into the sources directory
    cd httpd-2.2.29
3. Apply the attached patch:
    patch -p0 < ssl_engine_dh_c.patch
4. Change directory to "modules/ssl"
    cd modules/ssl/
5. Regenerate the DH params in ssl_engine_dh.c using the (modified) embedded perl script
    perl ssl_engine_dh.c
6. Wait...
7. If successfully done, change back to the root of the Apache sources
    cd ../..
8. (Re-)compile Apache
9. Install the newly compiled Apache
10. Restart Apache
Done.
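
To confirm after the restart that the rebuilt server really offers the larger parameters, the s_client check from the header can be scripted. The following is an added example, not part of the original workaround or of Apache; the function names and the sample transcripts are constructed, and the 2048-bit minimum is taken from the title of this file.

```shell
#!/bin/sh
# Added example: verify the DH size reported by `openssl s_client`.
# Function names and the sample transcripts are constructed for illustration.

# Print the bit size from a "Server Temp Key: DH, N bits" line on stdin.
# Returns 1 if there is none (e.g. ECDH or RSA key exchange was negotiated).
dh_temp_key_bits() {
    bits=$(sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 1
    printf '%s\n' "$bits"
}

# Usage: ... | check_dh_strength MIN_BITS
# Exit status: 0 = DH >= MIN_BITS, 1 = DH below MIN_BITS, 2 = no DH temp key seen.
check_dh_strength() {
    min=$1
    if bits=$(dh_temp_key_bits); then
        if [ "$bits" -ge "$min" ]; then
            echo "OK: DH temp key is $bits bits (minimum $min)"
            return 0
        fi
        echo "WEAK: DH temp key is only $bits bits (minimum $min)"
        return 1
    fi
    echo "INCONCLUSIVE: no finite-field DH temp key in this handshake"
    return 2
}

# Constructed s_client excerpts: patched build, stock build, ECDHE handshake.
SAMPLE_PATCHED='---
Server Temp Key: DH, 3072 bits
---'
SAMPLE_STOCK='---
Server Temp Key: DH, 1024 bits
---'
SAMPLE_ECDH='---
Server Temp Key: ECDH, P-256, 256 bits
---'

for sample in "$SAMPLE_PATCHED" "$SAMPLE_STOCK" "$SAMPLE_ECDH"; do
    printf '%s\n' "$sample" | check_dh_strength 2048 || echo "  exit status $?"
done

# Against a live server, using the command from the header of this file:
#   openssl s_client -connect some.host.com:443 -tls1 -msg </dev/null 2>/dev/null \
#       | check_dh_strength 2048
```

An INCONCLUSIVE result means the handshake did not use finite-field DH at all, so it says nothing about whether the patched parameters are in effect.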