NetBSD-Users archive


Re: Problem with httpd and openssl on NetBSD-7.1



Christopher Pinon <cjpinon%secondfloor.xyz@localhost> wrote:

> Aaron B. <aaron%zadzmo.org@localhost> wrote:
>
> > On Mon, 01 May 2017 13:20:17 +0200
> > Christopher Pinon <cjpinon%secondfloor.xyz@localhost> wrote:
> > 
> > > - When I try to connect to my site via https using Firefox, Firefox
> > >   gives the error message: "Cannot communicate securely with peer: no
> > >   common encryption algorithm(s). Error code:
> > >   SSL_ERROR_NO_CYPHER_OVERLAP"
> > 
> > There's your problem here; Firefox and httpd can't find a common
> > algorithm.
> > 
> > Try explicitly setting a cipher list in httpd; according to the man page
> > '-z' should do it...
> > 
>
> Thanks, Aaron, explicitly setting this list solved the Firefox problem!
> ..
>

+1 on the thanks - my bozohttpd+SSL seemingly stopped working with firefox
several years ago and after fiddling around with it for a day w/o success
I dropped the encryption as it was a LAN-only setup.  I guess I misunderstood
the man-page WRT the -Z option; "It also causes bozohttpd to start SSL
mode" seemed to suggest there wasn't anything else needed since one
generally expects the browser to do the negotiations for you.

For anyone else: look at CIPHER LIST FORMAT in openssl_ciphers(1) for
cipher string format.  I just used '-z ALL' as I don't really care about
the particulars and I'm using a self-signed cert.

Jeff
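
Added example, not part of the original message or of bozohttpd: a shell function that reads `openssl ciphers -v` output for a cipher string (such as the `ALL` passed to `-z` above) and lists the suites that lack authentication or rely on legacy encryption or MACs. The function names and the sample listing are constructed for illustration; the listing follows the column layout `openssl ciphers -v` prints.

```shell
#!/bin/sh
# Added example: audit the suites a cipher string expands to.
# Real use (needs the openssl CLI), e.g. to compare two strings:
#   openssl ciphers -v 'ALL'              | audit_cipher_listing
#   openssl ciphers -v 'HIGH:!aNULL:!MD5' | audit_cipher_listing

# Reads `openssl ciphers -v` lines on stdin, one suite per line:
#   NAME PROTO Kx=... Au=... Enc=... Mac=... [export]
# Prints "NAME: reason[, reason...]" for each suite with a weak property.
audit_cipher_listing() {
    awk '
    NF >= 6 {
        why = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "Au=None")                 why = why ", no authentication"
            else if ($i == "Enc=None")           why = why ", no encryption"
            else if (index($i, "Enc=RC4") == 1)  why = why ", RC4"
            else if (index($i, "Enc=3DES") == 1) why = why ", 3DES"
            else if (index($i, "Enc=DES(") == 1) why = why ", single DES"
            else if ($i == "Mac=MD5")            why = why ", MD5 MAC"
            else if ($i == "export")             why = why ", export grade"
        }
        # Drop the leading ", " before printing the reasons.
        if (why != "") print $1 ": " substr(why, 3)
    }'
}

# Constructed sample in the `openssl ciphers -v` layout (not captured output).
sample_cipher_listing() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EOF
}

# Stand-alone run: audit the constructed sample.
sample_cipher_listing | audit_cipher_listing
```

An empty result for a given cipher string means none of the listed properties were found in the suites it expands to on that OpenSSL build.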

