diff options
author | Kaspar Brand <kbrand@apache.org> | 2013-09-29 10:35:46 +0000 |
---|---|---|
committer | Kaspar Brand <kbrand@apache.org> | 2013-09-29 10:35:46 +0000 |
commit | 169f992d899d366a74162e18169986fb5dcdc6cf (patch) | |
tree | 1aed53217e4bc4cc3a180795a8559685a43c5b8b /CMakeLists.txt | |
parent | 725978c55498b78a86fcbc884169fd71cf10b522 (diff) | |
download | httpd-169f992d899d366a74162e18169986fb5dcdc6cf.tar.gz |
Improve ephemeral key handling (companion to r1526168):
- allow to configure custom DHE or ECDHE parameters via the
SSLCertificateFile directive, and adapt its documentation
accordingly (addresses PR 49559)
- add standardized DH parameters from RFCs 2409 and 3526,
use them based on the length of the certificate's RSA/DSA key,
and add a FAQ entry for clients which limit DH support
to 1024 bits (such as Java 7 and earlier)
- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
- drop ssl_engine_dh.c from mod_ssl
For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1527295 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r-- | CMakeLists.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index d8c1cf0be5..3965939785 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -417,7 +417,7 @@ IF(OPENSSL_FOUND) SET(mod_ssl_extra_libs ${OPENSSL_LIBRARIES}) ENDIF() SET(mod_ssl_extra_sources - modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_dh.c + modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_log.c modules/ssl/ssl_engine_mutex.c modules/ssl/ssl_engine_ocsp.c |