Add custom DH parameters our main certificate
authorTom Hughes <tom@compton.nu>
Fri, 29 Aug 2014 14:32:30 +0000 (15:32 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 29 Aug 2014 14:32:30 +0000 (15:32 +0100)
Java before version 7 can't cope with DH parameters longer
than 1024 bits but Apache 2.4 bases the DH parameter length
on the certificate key length, which is 2048 bits.

http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh

cookbooks/ssl/files/default/openstreetmap.pem

index bc808b9..2c0b54c 100644 (file)
@@ -29,3 +29,8 @@ Lpir8zhjNoVThPq4ELcbv+pH7N/nKITDmmlvoWSwQIis2DCTM5KVOiDWE2eAizXQ
 Oi0FZvAScRs1kwCm+9p3Z/pYNJomRE21Wco1tqUMoQsIasBDzKmILNMGXWO8wDuG
 l3L09Dqq6lo/przbhmSSb4Xbktf2IOqHSvYHOus1p3c0+N1lIipTyi2hqe/loA==
 -----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBALyRheYOdJoRfRRYJSSl++1QZxQ4nSdnoVZkb3kdSBweh+XfiiLApDO5
+G+cfiNcwrKiYZBCqQDlPlBBNuY+Xn2acrH9m4g60UJxz6ONezoy2uwEHGyNCF3qf
+Q0uh8zidmjTOHlZ1phKx42W2jpcdnp8rR/F9/m2FkxgY2I4DaYSfAgEF
+-----END DH PARAMETERS-----