OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096

Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8 Minor adjustments to make it apply to the current state of "next", and removal of chown operation in OpenSSL's LFS file, which would have lead to the Diffie-Hellman group file being writable by nobody, for which there is no necessity. Fixes: #12632 From: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2026-04-26 19:00:34 +02:00 · 2022-11-11 12:14:37 +00:00
parent c899c04b11
commit 35494eac83
8 changed files with 11 additions and 260 deletions
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -123,5 +123,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make install
 	install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl

+	# Install RFC 7919 defined standard group ffdhe4096
+	install -m 0644 $(DIR_SRC)/config/ssl/ffdhe4096.pem /etc/ssl
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)