[opensuse-security] openSUSE 13.1 and weakdh.org
We have several webservers using apache and openSUSE 13.1.
https://www.ssllabs.com/ssltest/ rates these systems with an overall
rating "B", because "This server supports weak Diffie-Hellman (DH) key
The recommendations on https://weakdh.org/sysadmin.html cannot be used
because the apache directive SSLOpenSSLConfCmd needs apache 2.4.8 and
openSUSE 13.1 is using 2.4.6. The other suggestion to append the
DHparams to the end of the certificate file also does not work, because
you need apache 2.4.7 for that.
I found ticket https://bugzilla.suse.com/show_bug.cgi?id=931723 from May
2015 in status "NEW". There is a comment from "Swamp Workflow
Management 2015-10-06 07:09:35 UTC", that there should be a fix for
openSUSE 13.1 with apache2-2.4.6-6.50.1, but an "rpm -q --changelog
apache2" does not mention this problem and the various patches of the
src-rpm do not match either.
Best regards Tobias
T+T Hennerich GmbH / Zettachring 12a / 70567 Stuttgart
Fon:+49(711)720714-0 Fax:+49(711)720714-44 Vanity:+49(700)HENNERICH
Geschäftsführer: Dipl. Inf. Tobias Hennerich + Dipl. Inf. Timo Hennerich
http://www.hennerich.de/ Amtsgericht Stuttgart, HRB 281482
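
The version constraints described in the message above, as an added example that is not part of the original post: a small shell check that reports which of the two weakdh.org options named in the thread a given httpd version can use, plus the DH key size seen in an `openssl s_client` "Server Temp Key" line. Function names and the sample banner and key line are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample strings are constructed.

# Pull "2.4.6" out of a banner like "Server version: Apache/2.4.6 (Linux/SUSE)".
apache_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p'
}

# version_ge A B: true when dotted version A >= B (first three fields).
version_ge() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# Print which of the options mentioned in the thread this httpd can use:
# SSLOpenSSLConfCmd needs 2.4.8, DH params appended to the cert file need 2.4.7.
weakdh_options() {
    v=$(apache_version "$1")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_ge "$v" 2.4.8; then
        echo "SSLOpenSSLConfCmd dhparams-appended-to-cert"
    elif version_ge "$v" 2.4.7; then
        echo "dhparams-appended-to-cert"
    else
        echo "none"
    fi
}

# DH key size from an "openssl s_client" line; empty when the key is not DHE.
dh_bits() {
    printf '%s\n' "$1" |
        sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p'
}

# Constructed sample inputs.
banner='Server version: Apache/2.4.6 (Linux/SUSE)'
tempkey='Server Temp Key: DH, 1024 bits'
echo "DH bits: $(dh_bits "$tempkey"); options: $(weakdh_options "$banner")"
```

The check compares upstream version numbers only; a distribution package such as the apache2-2.4.6-6.50.1 update mentioned in the bug comment may carry a backported fix that the version string does not reveal.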