Description of problem: The customer needs to set 2048 bit DH on JWS httpd. It seems that there is the "SSLOpenSSLConfCmd DHParameters" configuration in Apache httpd 2.4.8+, and the DH PARAMETERS can set in Apache httpd 2.4.7+ for 2048 bit DH[1]. However JWS 2.1 is Apache httpd 2.2.26 and JWS 3.0 is Apache httpd 2.4.6[2]. It means that current JWS httpd cannot set 2048 bit DH. [1] https://weakdh.org/sysadmin.html ~~~ In newer versions of Apache (2.4.8 and newer) and OpenSSL 1.0.2 or later, you can directly specify your DH params file as follows: SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}" If you are using Apache with LibreSSL, or Apache 2.4.7 and OpenSSL 0.9.8a or later, you can append the DHparams you generated earlier to the end of your certificate file. ~~~ [2] https://weakdh.org/sysadmin.html Version-Release number of selected component (if applicable): JWS 2.1 * If we can accepts this request on JWS 2.1, please also fix JWS 3.0.
This seems like a duplicate BZ 1238084 and RHEA-2015:1584
The update of openssl to 1.0.2h allow to use the dh_param in the certficate file.
Added Doc-text
Employee 'fgoldefu' has left the company.