Bug #11608

Mitigate "logjam"

Added by Nick Thomas over 4 years ago. Updated about 4 years ago.

Status: New
Start date: 2015-05-20
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: stretch

Description

Apache, exim, dovecot, etc. need dhparams generating on install and referring to.

https://weakdh.org/sysadmin.html

History

#1 Updated by Patrick Cherry over 4 years ago

  • Target version set to jessie

I'm not sure this is possible in wheezy (due to versions of apache/dovecot), so the target version is jessie.

#2 Updated by Patrick Cherry over 4 years ago

  • Target version changed from jessie to stretch

In Jessie:

  • exim4 has been fixed, complete with regeneration of DH params.
  • dovecot has been fixed (it does it all automatically anyway)
  • apache requires the DH params to be concatenated on to the end of the cert, so that's a WONTFIX (2.4.8 onwards it can be specified)
  • pure-ftpd doesn't support separate DH params yet (1.0.38 onwards)

Pushing into stretch for future fixes.

#3 Updated by Patrick Cherry about 4 years ago

prosody now has dhparams + a regeneration cron job too.
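
Added example, not part of the ticket or of the packages it discusses: a Python check that finds every `DH PARAMETERS` block in a PEM file (a standalone dhparams file, or a certificate with the parameters concatenated on the end as described for apache above) and reports the size of the prime. The names `MIN_BITS`, `audit_pem` and `sample_pem` are hypothetical, the 2048-bit threshold follows the weakdh.org guide linked in the description, and the sample input is constructed (its modulus is only the right size, not a real prime).

```python
import base64
import re

MIN_BITS = 2048  # group size recommended by the weakdh.org sysadmin guide
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def dh_prime_bits(der):
    """Bit length of p in DHParameter ::= SEQUENCE { p INTEGER, g INTEGER }."""
    tag, seq = _read_tlv(der, 0)
    ptag, p = _read_tlv(seq, 0)
    if tag != 0x30 or ptag != 0x02:
        raise ValueError("not a DH parameter structure")
    return int.from_bytes(p, "big").bit_length()

def audit_pem(text):
    """Return (bits, ok) for each DH PARAMETERS block; other PEM blocks are skipped."""
    sizes = [dh_prime_bits(base64.b64decode(body))
             for label, body in PEM_RE.findall(text) if label == "DH PARAMETERS"]
    return [(bits, bits >= MIN_BITS) for bits in sizes]

def _der(tag, value):
    """Minimal DER encoder, used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def sample_pem(bits):
    """Constructed input: p has the requested size (multiple of 8) but is NOT prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 = positive
    der = _der(0x30, _der(0x02, p) + _der(0x02, b"\x02"))
    body = base64.encodebytes(der).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + body + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    cert = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"  # placeholder
    print(audit_pem(cert + sample_pem(1024)))  # concatenated layout, weak group
    print(audit_pem(sample_pem(2048)))         # standalone dhparams file
```

An empty result means the file carries no DH parameters of its own, so the service is using whatever group it was built with or configured elsewhere.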
