Log Message: |
Improve ephemeral key handling (companion to r1526168):
- allow to configure custom DHE or ECDHE parameters via the
SSLCertificateFile directive, and adapt its documentation
accordingly (addresses PR 49559)
- add standardized DH parameters from RFCs 2409 and 3526,
use them based on the length of the certificate's RSA/DSA key,
and add a FAQ entry for clients which limit DH support
to 1024 bits (such as Java 7 and earlier)
- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
- drop ssl_engine_dh.c from mod_ssl
For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294.
|