Child pages
  • Advanced Apache hints

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Using long non-standard DH groups

This needs Apache 2.4.8 and OpenSSL 1.0.2.

To help fix CVE-2015-4000 or at least reduce the risk:

No Format
openssl dhparam -out dhparams.pem 2048
# either ...
$EDITOR /etc/apache2/mods-available/ssl.conf
# Long non-trivial DH group against CVE-2015-4000"
SSLOpenSSLConfCmd DHParameters dhparams.pem
# ... or ...
cat dhparams.pem >>
apache2ctl configtest && apache2ctl graceful

To test this, on from a machine client machin with OpenSSL 1.0.2 higher (from blog logjam-freak-upcoming-changes):