-1

We use apache 2.2, PHP 5.3 for a app running on Ubuntu 12.04 LTS. Currently we face a issue with ssltest.

"This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B"

https://security.stackexchange.com/questions/53537/how-to-get-an-a-on-qualys-ssl-labs-with-apache-2-2

This problem can be resolved if we upgrade to apache 2.4 or if we upgrade to > 2.2.26.

Is there a safe way to upgrade to apache 2.4 without upgrading PHP?

Since the application won't run on higher versions of PHP.

Community
  • 1
  • 1
Prasanth
  • 577
  • 1
  • 9
  • 24

2 Answers2

0

You can disable weak algorithms using SSLCipherSuite directive in Apache configuration.

umka
  • 1,655
  • 1
  • 12
  • 18
  • http://serverfault.com/questions/693241/how-to-fix-logjam-vulnerability-in-apache-httpd If you check that thread, im trying to implement step 3. Everything else is in place – Prasanth May 22 '15 at 12:11
0

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884

The above ticket addresses the issue. Version 2.2.22-1ubuntu1.9 of apache just released fixes it

Prasanth
  • 577
  • 1
  • 9
  • 24