git.ipfire.org Git - thirdparty/apache/httpd.git/commit

author	Kaspar Brand <kbrand@apache.org>
	Sun, 29 Sep 2013 10:35:46 +0000 (10:35 +0000)
committer	Kaspar Brand <kbrand@apache.org>
	Sun, 29 Sep 2013 10:35:46 +0000 (10:35 +0000)
commit	d9048205d25693d91b216dd4ca65059411fc3118
tree	1aed53217e4bc4cc3a180795a8559685a43c5b8b	tree
parent	2648f2946668e35eb8c8e3551c6e28b18faf6d29	commit \| diff

Improve ephemeral key handling (companion to r1526168):

- allow to configure custom DHE or ECDHE parameters via the
  SSLCertificateFile directive, and adapt its documentation
  accordingly (addresses PR 49559)

- add standardized DH parameters from RFCs 2409 and 3526,
  use them based on the length of the certificate's RSA/DSA key,
  and add a FAQ entry for clients which limit DH support
  to 1024 bits (such as Java 7 and earlier)

- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
  ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()

- drop ssl_engine_dh.c from mod_ssl

For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1527295 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| blame \| history
CMakeLists.txt		diff \| blob \| blame \| history
LAYOUT		diff \| blob \| blame \| history
docs/manual/mod/mod_ssl.xml		diff \| blob \| blame \| history
docs/manual/ssl/ssl_faq.xml		diff \| blob \| blame \| history
modules/ssl/config.m4		diff \| blob \| blame \| history
modules/ssl/mod_ssl.dsp		diff \| blob \| blame \| history
modules/ssl/ssl_engine_dh.c	[deleted file]	blob \| blame \| history
modules/ssl/ssl_engine_init.c		diff \| blob \| blame \| history
modules/ssl/ssl_engine_kernel.c		diff \| blob \| blame \| history
modules/ssl/ssl_private.h		diff \| blob \| blame \| history
modules/ssl/ssl_util_ssl.c		diff \| blob \| blame \| history