A new vulnerability in Diffie-Hellman, informally referred to as ‘logjam’, has been published on weakdh.org.
Debian Wheezy is running Apache v2.2.22, which does not support setting up the recommended individual DH key with a minimum size of 2048 using the “SSLOpenSSLConfCmd DHParameters [pemfile]” setting. That’s why I’ve manually recompiled the Debian sources of Apache 2.2.22-13+deb7u4 patched with dh3072 (and, optionally, mpm-peruser support if needed) for my i386 and amd64 platforms to fix this issue.
Thx. to Winni Neessen for publishing this nice patch: https://bitbucket.org/snippets/wneessen/grb8/untitled-snippet
If you would rather not patch and compile the sources on your own, you may download a copy of my compiled .deb files:
- amd64 binaries: https://4ufiles.flo.sh/webhosting/apache2-mpm-peruser/debian-wheezy/amd64/apache2/
- i386 binaries: https://4ufiles.flo.sh/webhosting/apache2-mpm-peruser/debian-wheezy/i386/apache2/
Using “uname -m” and “dpkg --get-selections | grep apache2” you can determine which file(s) you need to download. Simply run “dpkg -i apache2*.deb” to install the files. Consider putting the packages on hold until the Debian security team offers an official fix for this issue.
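The steps above as a small helper script. This is an added example, not part of the original post or of Debian's tooling: the function names and the sample package list are constructed for illustration, while `dpkg --get-selections` and `dpkg --set-selections` are the standard dpkg commands.

```sh
#!/bin/sh
# Added example: pick the download directory and build the "hold" list
# for the locally built Apache packages. Function names are hypothetical.

# Map `uname -m` output to the directory name used in the download URLs.
deb_arch() {
    case "$1" in
        x86_64) echo amd64 ;;
        i386|i486|i586|i686) echo i386 ;;
        *) return 1 ;;   # no binaries offered for other platforms
    esac
}

# Read `dpkg --get-selections` output on stdin and print every apache2*
# package whose state is "install" (removed packages are skipped).
installed_apache2() {
    awk '$2 == "install" && $1 ~ /^apache2/ { print $1 }'
}

# Turn that list into input for `dpkg --set-selections`, so that a later
# upgrade does not replace the patched build.
hold_selections() {
    installed_apache2 | awk '{ print $1 " hold" }'
}

# Constructed sample of `dpkg --get-selections` output (not from a real host).
sample_selections() {
    printf 'apache2\t\t\t\tinstall\n'
    printf 'apache2-doc\t\t\tdeinstall\n'
    printf 'apache2-mpm-peruser\t\tinstall\n'
    printf 'apache2-utils\t\t\tinstall\n'
    printf 'apache2.2-common\t\tinstall\n'
    printf 'libapache2-mod-php5\t\tinstall\n'
    printf 'openssl\t\t\t\tinstall\n'
}

# Demo on the sample data; nothing on the system is changed here.
echo "download directory: $(deb_arch "$(uname -m)" || echo unsupported)"
sample_selections | hold_selections

# On a real host, as root, after `dpkg -i apache2*.deb`:
#   dpkg --get-selections | hold_selections | dpkg --set-selections
```

To release the hold once an official fix is available, feed the same package names back with `install` instead of `hold`.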