The website you posted provides the config settings (cipher suites) for apache, nginx, postfix, dovecot etc.: https://weakdh.org/sysadmin.html
Yep. Where can I find the config files to change?
apache httpd.conf:
SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"
postfix:
smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem
Can I put the changes directly in /etc/dovecot/dovecot.conf? There is no string "ssl_cipher_list" or "ssl_dh_parameters_length = 2048".
All config files are in their default locations; there are no ISPConfig-specific config paths. The apache config is in /etc/apache2/ on Debian and Ubuntu and in /etc/httpd/ on CentOS. The postfix config file is /etc/postfix/main.cf. The dovecot config file(s) are in /etc/dovecot/.
OK, so it is /etc/apache2/apache2.conf. I created dhparams.pem as root in /etc/ssl/private/, so there is no permission problem with postfix and apache, I guess?
Dovecot warning. Seems OK to me:
May 20 20:43:50 server dovecot: ssl-params: Warning: Regenerating /var/lib/dovecot/ssl-parameters.dat for ssl_dh_parameters_length=2048
May 20 20:43:50 server dovecot: ssl-params: Generating SSL parameters
Postfix throws no errors and works.
apache2 error:
 * Reloading web server apache2
 *
 * The apache2 configtest failed. Not doing anything.
Output of config test was:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:62
AH00526: Syntax error on line 227 of /etc/apache2/apache2.conf:
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
Note: no relevant entries in /var/log/apache2/error.log
Here are the entries I made in /etc/apache2/apache2.conf:
Code:
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM$
SSLHonorCipherOrder on
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"
Oh. This was the apache version 2.4.7 I installed from your tutorial in 09-2014. And it is not updated through aptitude? How can I update this?
Edit: I checked the repo version with apt-get install -s apache2. 2.4.7 is the latest in the repository. Then I will wait for updates. Thanks a lot, Till. You are very kind.
When you don't get an update through apt, then there is no newer version available yet for the Linux distribution that you have installed.
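
Added example, not part of any post in this thread: a preflight check that reads the `apache2 -v` and `openssl version` output and reports how custom DH parameters can be configured, so a configtest failure like the one above is caught before editing apache2.conf. The function names are hypothetical, the sample version strings are constructed, and the thresholds are assumptions taken from the mod_ssl documentation rather than from the thread (SSLOpenSSLConfCmd: httpd 2.4.8+ with OpenSSL 1.0.2+; DH parameters appended to the first SSLCertificateFile: httpd 2.4.7+).

```shell
#!/bin/sh
# Added example. Thresholds are assumptions from the mod_ssl documentation.

# version_ge A B: succeeds when A >= B. Uses sort -V (GNU coreutils) so that
# 2.4.10 sorts after 2.4.8, which a plain string comparison gets wrong.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Extract "2.4.7" from "Server version: Apache/2.4.7 (Ubuntu)".
apache_version() {
    printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}

# Extract "1.0.1f" from "OpenSSL 1.0.1f 6 Jan 2014".
openssl_version() {
    printf '%s\n' "$1" | sed -n 's|^OpenSSL \([0-9][0-9a-z.]*\).*|\1|p'
}

# dh_method "<apache2 -v output>" "<openssl version output>"
# Prints one of: directive, append-to-cert, unsupported, unknown.
dh_method() {
    av=$(apache_version "$1")
    ov=$(openssl_version "$2")
    if [ -z "$av" ] || [ -z "$ov" ]; then
        echo unknown
        return 1
    fi
    if version_ge "$av" 2.4.8 && version_ge "$ov" 1.0.2; then
        # SSLOpenSSLConfCmd DHParameters "<file>" is accepted.
        echo directive
    elif version_ge "$av" 2.4.7; then
        # Directive is rejected; append the DH parameters to the end of the
        # first file named by SSLCertificateFile instead.
        echo append-to-cert
    else
        # Outside the documented ranges for either mechanism.
        echo unsupported
    fi
}

# Constructed sample output for the Apache version named in the thread.
SAMPLE_APACHE='Server version: Apache/2.4.7 (Ubuntu)'
SAMPLE_OPENSSL='OpenSSL 1.0.1f 6 Jan 2014'
echo "Apache 2.4.7 / OpenSSL 1.0.1f: $(dh_method "$SAMPLE_APACHE" "$SAMPLE_OPENSSL")"
```

On a live server, pass the real output: `dh_method "$(apache2 -v)" "$(openssl version)"`.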
I've just written down the steps for debian and ubuntu based servers: https://www.howtoforge.com/tutorial...-and-ubuntu-server-against-the-logjam-attack/