NOTE: CVE-2015-4000 is not completely fixed. We need to raise the
minimum DH key length to 1024, but shouldn't do this while many
servers still use 768 bits. To set up a server to test against,
edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
to always return a short key.
Drop this file once this has been done in all supported releases.