
How to make Apache 2.2 in Debian lenny use Diffie-Hellman key exchange with keys larger than 1024 bits?

I found a patch that theoretically adds this ability at Apache bugzilla but can't find any discussion about it.

If it's not possible with mod_ssl, is it possible with GnuTLS?

Hubert Kario

1 Answer


From what I was able to deduce, GnuTLS uses the same size for DH as the size of the RSA key in the certificate. So, if the key is 2048 bits, it will automatically generate and use 2048-bit DH key exchange parameters.

The downside of mod_gnutls is that its version in lenny and wheezy doesn't support secure renegotiation.

Hubert Kario
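Added example, not part of the original question or answer: a shell check that reads `openssl s_client` output and compares the negotiated DH parameter size with the certificate key size, which is the relationship the answer describes for mod_gnutls. The function names, the 2048-bit default and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Feed it the output of, e.g. (host is a placeholder):
#   openssl s_client -connect www.example.org:443 -tls1_2 -cipher DHE </dev/null 2>/dev/null
# The "Server Temp Key" line needs OpenSSL 1.0.2 or newer on the client side.

# Print the ephemeral DH size in bits; prints nothing if the handshake did not use DHE.
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' | head -n 1
}

# Print the size of the certificate's public key in bits.
cert_bits() {
    sed -n 's/^Server public key is \([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# dh_report "<s_client output>" [min_bits]
# Returns 0 if DHE was used with at least min_bits, 1 if smaller, 2 if no DHE.
dh_report() {
    out=$1
    min=${2:-2048}
    dh=$(printf '%s\n' "$out" | dh_bits)
    cert=$(printf '%s\n' "$out" | cert_bits)
    if [ -z "$dh" ]; then
        echo "no DHE key exchange seen (certificate key: ${cert:-unknown} bits)"
        return 2
    fi
    echo "DH parameters: $dh bits, certificate key: ${cert:-unknown} bits"
    [ "$dh" -ge "$min" ]
}

# Constructed samples of the relevant s_client lines (not captured from a real server).
SAMPLE_WEAK='Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit'
SAMPLE_MATCHED='Server Temp Key: DH, 2048 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit'
SAMPLE_ECDH='Server Temp Key: ECDH, P-256, 256 bits
Server public key is 2048 bit'

# Demo on the constructed samples; "|| true" keeps the script going on a failing check.
dh_report "$SAMPLE_WEAK" || true
dh_report "$SAMPLE_MATCHED" || true
dh_report "$SAMPLE_ECDH" || true
```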