httpd-dev mailing list archives

From Falco Schwarz <hid...@falco.me>
Subject DH params and multiple certificates
Date Wed, 19 Feb 2014 17:30:46 GMT
As of svn.apache.org/r1527295, standardized DH parameters were added to mod_ssl. If I understand
the docs correctly, the bit length is based on the RSA/DSA key. With the recent support of multiple
certificates per VirtualHost, it is possible to use an RSA and an ECC certificate.

When using RSA and ECC, the DH bit length is dependent on the certificate configured last,
so:

- if ECC is configured last, 1024 bit DH params are set (minimum)
- if RSA is configured last, the DH params depend on the private key's bit length (it works)

The ECC certificate should in any case be skipped and not taken into account when setting DH
params.
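
Added example (not part of the original message and not mod_ssl source): a simplified C model of the order dependence reported above, next to the selection the message asks for. The `cert` struct, the function names and the DH size table are assumptions for illustration, and the two sample configurations are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the certificates configured in one VirtualHost. */
enum key_type { KEY_RSA, KEY_DSA, KEY_EC };
struct cert { enum key_type type; int bits; };

/* Assumed size table: largest listed group not above the key length,
 * falling back to the 1024-bit minimum mentioned in the message. */
static int dh_bits_for_keylen(int keylen)
{
    static const int sizes[] = { 4096, 3072, 2048 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        if (keylen >= sizes[i])
            return sizes[i];
    return 1024;
}

/* Reported behaviour: only the certificate configured last is consulted,
 * and an EC key contributes no usable RSA/DSA length. */
int dh_bits_last_wins(const struct cert *c, size_t n)
{
    int keylen = (n > 0 && c[n - 1].type != KEY_EC) ? c[n - 1].bits : 0;
    return dh_bits_for_keylen(keylen);
}

/* Requested behaviour: EC certificates are skipped, so the last RSA/DSA
 * key decides regardless of configuration order. */
int dh_bits_skip_ec(const struct cert *c, size_t n)
{
    int keylen = 0;
    for (size_t i = 0; i < n; i++)
        if (c[i].type != KEY_EC)
            keylen = c[i].bits;
    return dh_bits_for_keylen(keylen);
}

/* Constructed sample configurations: one RSA-4096 and one P-256 certificate. */
const struct cert rsa_then_ec[] = { { KEY_RSA, 4096 }, { KEY_EC, 256 } };
const struct cert ec_then_rsa[] = { { KEY_EC, 256 }, { KEY_RSA, 4096 } };

int main(void)
{
    printf("last wins, ECC last: %d\n", dh_bits_last_wins(rsa_then_ec, 2));
    printf("last wins, RSA last: %d\n", dh_bits_last_wins(ec_then_rsa, 2));
    printf("skip ECC,  ECC last: %d\n", dh_bits_skip_ec(rsa_then_ec, 2));
    printf("skip ECC,  RSA last: %d\n", dh_bits_skip_ec(ec_then_rsa, 2));
    return 0;
}
```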
