Package: lighttpd
Version: 1.4.69-1

Since our upgrade to Debian 12, lighttpd now uses insecure 
Diffie-Hellman parameters 

And this despite having pointed ssl.dh-file to a self-generated dh param 
file, as described in https://weakdh.org/sysadmin.html

In Debian 11, an identical configuration was using our locally generated 
secure dh parameters.

Thanks,

-- 
Alain Knaff
Ingénieur Informaticien

LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
Ministère de l'Environnement, du Climat et du Développement durable
Administration de l'environnement

1, avenue du Rock'n'Roll . L-4361 Esch-sur-Alzette
Tél. (+352) 40 56 56-309
E-Mail: alain.kn...@aev.etat.lu
www.emwelt.lu . www.environnement.public.lu . www.luxembourg.lu
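
Added example, not part of the original report and not lighttpd code: one way to check whether the prime a server actually sends is the one stored in the file that ssl.dh-file points to. It assumes the body of a TLS 1.2 DHE ServerKeyExchange message has already been captured (the capture step is not shown); all function names and sample values are constructed for illustration.

```python
import base64

MASK64 = (1 << 64) - 1

def _der_len(buf, i):
    """Read a DER length at buf[i]; return (length, index of first content byte)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_from_pem(pem):
    """p from a PKCS#3 'DH PARAMETERS' PEM: SEQUENCE { INTEGER p, INTEGER g }."""
    b64 = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    _, i = _der_len(der, 1)
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("expected SEQUENCE { INTEGER p, ... }")
    n, i = _der_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big")

def dh_prime_from_ske(body):
    """p from a TLS 1.2 DHE ServerKeyExchange body, which starts with uint16 length + dh_p."""
    n = int.from_bytes(body[:2], "big")
    if len(body) < 2 + n:
        raise ValueError("truncated ServerKeyExchange")
    return int.from_bytes(body[2:2 + n], "big")

def has_fixed_ones(p):
    """Top and bottom 64 bits all 1: the shape of the RFC 3526 and RFC 7919 group primes."""
    return (p.bit_length() >= 128 and (p & MASK64) == MASK64
            and (p >> (p.bit_length() - 64)) == MASK64)

def compare(pem, ske_body):
    """Compare the prime in the configured file with the prime the server sent."""
    local, served = dh_prime_from_pem(pem), dh_prime_from_ske(ske_body)
    return {"match": local == served, "served_bits": served.bit_length(),
            "served_fixed_ones": has_fixed_ones(served)}

def _sample_pem(p, g=2):
    """Constructed-sample builder: encode p, g as a DH PARAMETERS PEM (short DER lengths only)."""
    ints = b"".join(b"\x02" + bytes([len(r)]) + r
                    for r in (v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (p, g)))
    der = b"\x30" + bytes([len(ints)]) + ints
    return "-----BEGIN DH PARAMETERS-----\n%s\n-----END DH PARAMETERS-----\n" % base64.b64encode(der).decode()

# Constructed sample values: not real primes and not taken from the report.
LOCAL_P = (1 << 199) | 0x1D2C3B4A59687
SERVED_P = (MASK64 << 192) | (0x1234 << 64) | MASK64
SAMPLE_PEM = _sample_pem(LOCAL_P)
SAMPLE_SKE = (32).to_bytes(2, "big") + SERVED_P.to_bytes(32, "big") + b"\x00\x01\x02"
```

A result with "match" false and "served_fixed_ones" true means the server sent a prime with the standardized-group shape rather than the one in the configured file.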
