Apache 2.2 with PFS on Debian 7 wheezy and Ubuntu 12.04

Submitted by Nikolaus Polak on Sat, 04/12/2014 - 17:16
Kategorie

During I was changing all ssl keys because of the heartbleed bug I thought it is a good time to enable PFS on my Debian 7 und Ubuntu 12.04 LTS servers (ECC keys and ECDH ciphers). Here is a step by step howto, when its not your first time to install something from source it shouldn't be that hard:

1. Preperation - download source and needed tools

# apt-get install build-essential
# apt-get build-dep apache2
$ apt-get source apache2
$ wget https://github.com/apache/httpd/commit/058a25cdcb42572867d613ec13c68a350b9d57b6.patch

2. apply the patch (when patch askes for mod_ssl.xml fragt, press two times enter to skip)

$ cd apache2-2.2.22
$ patch -p1 < ../058a25cdcb42572867d613ec13c68a350b9d57b6.patch
$ dpkg-source --commit

3. in the file debian/changelog its a good idea to change the version, and perhaps add some short changelog

4. compile and install

$ dpkg-buildpackage; cd ..
My debian packages - please check first if you need/have installed the same!!:
# dpkg -i apache2_2.2.22-13+deb7u2_amd64.deb apache2-mpm-prefork_2.2.22-13+deb7u2_amd64.deb apache2-utils_2.2.22-13+deb7u2_amd64.deb apache2.2-bin_2.2.22-13+deb7u2_amd64.deb apache2.2-common_2.2.22-13+deb7u2_amd64.deb
My ubuntu packages - please check first if you need/have installed the same:
# dpkg -i apache2.2-bin_2.2.22-1ubuntu1.6_amd64.deb apache2-mpm-prefork_2.2.22-1ubuntu1.6_amd64.deb apache2-utils_2.2.22-1ubuntu1.6_amd64.deb apache2.2-common_2.2.22-1ubuntu1.6_amd64.deb 

5. Now adopt the ssl configuration in the apache2 config files, for example like hynek.me advices, reload apache - done, you should have PFS now.

Source: Debian bugreport