From 169f992d899d366a74162e18169986fb5dcdc6cf Mon Sep 17 00:00:00 2001 From: Kaspar Brand Date: Sun, 29 Sep 2013 10:35:46 +0000 Subject: Improve ephemeral key handling (companion to r1526168): - allow to configure custom DHE or ECDHE parameters via the SSLCertificateFile directive, and adapt its documentation accordingly (addresses PR 49559) - add standardized DH parameters from RFCs 2409 and 3526, use them based on the length of the certificate's RSA/DSA key, and add a FAQ entry for clients which limit DH support to 1024 bits (such as Java 7 and earlier) - move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to ssl_util_ssl.c, and add ssl_ec_GetParamFromFile() - drop ssl_engine_dh.c from mod_ssl For the standardized DH parameters, OpenSSL version 0.9.8a or later is required, which was therefore made a new minimum requirement in r1527294. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1527295 13f79535-47bb-0310-9956-ffa450edef68 --- LAYOUT | 1 - 1 file changed, 1 deletion(-) (limited to 'LAYOUT') diff --git a/LAYOUT b/LAYOUT index 9a630689c9..b5faadb132 100644 --- a/LAYOUT +++ b/LAYOUT @@ -108,7 +108,6 @@ modules/ ................ Manditory and Add-In Apache stock modules mod_ssl.c ............... main source file containing API structures mod_ssl.h ............... common header file of mod_ssl ssl_engine_config.c ..... module configuration handling - ssl_engine_dh.c ......... DSA/DH support ssl_engine_init.c ....... module initialization ssl_engine_io.c ......... I/O support ssl_engine_kernel.c ..... SSL engine kernel -- cgit v1.2.3