Logjam + haproxy as ssl-terminator
-
–- SOLVED ---
All I had to do was to set tune.ssl.default-dh-param 2048
Hi,
we're using HAproxy to terminate our SSL-connections in Pfsense (2.2-RELEASE).
Is there a way to regenerate dhparams (in order to protect against logjam) on a pfsense setup?Usually you'd invoke
openssl dhparam -out dhparams.pem 2048 ?
and link it in apache's config using
SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"For obvious reasons, this is not possible in our case.
Thanks!