Logjam + haproxy as ssl-terminator



  • --- SOLVED ---

    All I had to do was to set tune.ssl.default-dh-param 2048

    Hi,

    We're using HAProxy to terminate our SSL connections in pfSense (2.2-RELEASE).
    Is there a way to regenerate dhparams (in order to protect against Logjam) on a pfSense setup?

    Usually you'd invoke
    openssl dhparam -out dhparams.pem 2048
    and link it in apache's config using
    SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"

    For obvious reasons, this is not possible in our case.

    Thanks!
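
A check for the setting named in the SOLVED note, as an added example that is not part of the original post: it reads an HAProxy configuration and reports whether tune.ssl.default-dh-param in the global section is at least 2048. The sample configurations, the certificate path and the function name check_dh_param are constructed for illustration.

```python
import re

MIN_DH_BITS = 2048  # the value the post reports as the fix

# Constructed sample configurations (not taken from the original post).
WEAK_CFG = """\
global
    maxconn 1000
    tune.ssl.default-dh-param 1024   # too small

frontend https-in
    bind :443 ssl crt /path/to/cert.pem
"""
FIXED_CFG = WEAK_CFG.replace("1024   # too small", "2048")
UNSET_CFG = "global\n    maxconn 1000\n\ndefaults\n    mode http\n"

# Common HAProxy section keywords; any of them ends the global section.
SECTION_RE = re.compile(
    r"^(global|defaults|frontend|backend|listen|userlist|peers|resolvers|mailers)\b"
)

def check_dh_param(cfg_text, min_bits=MIN_DH_BITS):
    """Return (status, bits) for tune.ssl.default-dh-param in 'global'.

    status is 'ok', 'weak', 'unset' or 'invalid'; bits is None unless a
    numeric value was found. The last occurrence in the section wins.
    """
    section, status, bits = None, "unset", None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1)
            continue
        parts = line.split()
        if section != "global" or parts[0] != "tune.ssl.default-dh-param":
            continue
        if len(parts) == 2 and parts[1].isdigit():
            bits = int(parts[1])
            status = "ok" if bits >= min_bits else "weak"
        else:
            status, bits = "invalid", None
    return status, bits

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CFG), ("fixed", FIXED_CFG), ("unset", UNSET_CFG)):
        print(name, check_dh_param(cfg))
```

A result of 'unset' means the directive is absent from the global section, so the DH size in use depends on the HAProxy build's default and should be confirmed separately.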