maintainer-feedback requested: [Bug 200756] [patch] www/apache22: Logjam DH params workaround for Apache 2.2.x due to lack of "SSLOpenSSLConfCmd" directive

[Mark Felder]

On Wed, Jun 10, 2015, at 02:11, bugzilla-noreply at freebsd.org wrote:
> Winni Neessen <winni at insecure.so> has reassigned Bugzilla Automation
> <bugzilla at FreeBSD.org>'s request for maintainer-feedback to
> apache at FreeBSD.org:
> Bug 200756: [patch] www/apache22: Logjam DH params workaround for Apache
> 2.2.x
> due to lack of "SSLOpenSSLConfCmd" directive
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200756
> 
> 
> 
> --- Description ---
> Hi,
> 
> As Apache 2.2.x is not providing a way to use a self-generated set of DH
> params
> via configuration directive (lack of the "SSLOpenSSLConfCmd" parameter),
> I've
> created a workaround, that generates a set of DH params during compile
> time, so
> that apache22 is still able to follow the recommendation of not using the
> default set of 512/1024bit DH params, that is shipped with Apache per
> default.
> 
> I'd already published the workaround on
> https://bitbucket.org/snippets/wneessen/grb8 where someone suggested to
> submit
> a PR for FreeBSD, so here it is.
> 
> I wasn't able to figure, how to attach 2 files to this PR, so I am
> following
> the documentation at
> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing
> .html
> and provide the URLs.
> 
> Patch for www/apache2/Makefile:
> https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635
> 24bbcbe67c4a7c/files/Makefile.patch
> Patch for Apache 2.2.x's modules/ssl/ssl_engine_dh.c:
> https://bitbucket.org/api/2.0/snippets/wneessen/grb8/9ce0ecd2a060d734a87a8ce635
> 24bbcbe67c4a7c/files/ssl_engine_dh_c.patch
> 

Hi Winni,

Thanks for your patch! I was working on testing it and I noticed someone
already added this to the build process with this commit:

https://svnweb.freebsd.org/ports/head/www/apache22/Makefile?revision=386904&view=markup