Hi, after one week no response to my mail at all :-( Is the answer too obvious or is the topic too exotic? Or is opensuse-security just the wrong mailing list? Kind regards Tobias -- T+T Hennerich GmbH / Zettachring 12a / 70567 Stuttgart Fon:+49(711)720714-0 Fax:+49(711)720714-44 Vanity:+49(700)HENNERICH Geschäftsführer: Dipl. Inf. Tobias Hennerich + Dipl. Inf. Timo Hennerich http://www.hennerich.de/ Amtsgericht Stuttgart, HRB 281482 Am 17.11.2015 um 17:32 schrieb Tobias Hennerich:
Hi,
we have several webservers using apache and openSUSE 13.1.
https://www.ssllabs.com/ssltest/ rates these systems with an overall rating "B", because "/This server supports weak Diffie-Hellman (DH) key exchange parameters./".
The recommendations on https://weakdh.org/sysadmin.html can not be used because the apache directive SSLOpenSSLConfCmd needs apache 2.4.8 and openSUSE 13.1 is using 2.4.6. The other suggestion to append the DHparams to the end of the certificate file does also not work, because you need apache 2.4.7 for that.
I found ticket https://bugzilla.suse.com/show_bug.cgi?id=931723 from May 2015 in Status "NEW". There is a comment from "/Swamp Workflow Management ////2015-10-06 07:09:35 UTC/", that there should be a fix for openSUSE 13.1 with apache2-2.4.6-6.50.1, but a "rpm -q --changelog apache2" does not mention this problem and the various patches of the src-rpm do not match, too.
Any suggestions?
Best regards Tobias
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org