NetBSD-Users archive


Re: Problem with httpd and openssl on NetBSD-7.1



jgw%sdf.org@localhost wrote:

> +1 on the thanks - my bozohttpd+SSL seemingly stopped working with firefox
> several years ago and after fiddling around with it for a day w/o success
> I dropped the encryption as it was a LAN-only setup.  I guess I misunderstood
> the man-page WRT the -Z option; "It also causes bozohttpd to start SSL
> mode" seemed to suggest there wasn't anything else needed since one
> generally expects the browser to do the negotiations for you.
> 
> For anyone else: look at CIPHER LIST FORMAT in openssl_ciphers(1) for
> cipher string format.  I just used '-z ALL' as I don't really care about
> the particulars and I'm using a self-signed cert.

Jeff, thanks for the reminder of that man page. I've just tried '-z
ALL', which similarly makes Firefox happy, but unfortunately, the score
that I then get at ssllabs.com drops to B. :-( In this respect, the
explicit listing that Aaron referred me to is more successful, because
the score in this case is A-.

I've now begun to suspect that httpd doesn't (yet?) support a cipher
suite with Forward Secrecy (this is the obstacle to a score of A), but
it would be great if someone could confirm this suspicion.

C.
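
An added example, not part of the original message or of bozohttpd: a small Python audit of `openssl ciphers -v` output that separates suites with an authenticated ephemeral key exchange (the ones that give forward secrecy) from anonymous and other suites, all of which a string like `ALL` mixes together. The sample lines are constructed in that command's output format, the function names are hypothetical, and the result describes only the cipher string, not what a given server will actually negotiate.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v <string>`.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")

# Kx values that OpenSSL prints for an ephemeral (EC)DH exchange.
# Static variants carry a suffix such as "ECDH/RSA" and are not listed here.
EPHEMERAL_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK"}


def classify(line):
    """Return (suite_name, category) for one `openssl ciphers -v` line."""
    name = line.split()[0]
    fields = dict(FIELD.findall(line))
    if fields.get("Kx") in EPHEMERAL_KX:
        # Ephemeral keys without authentication (ADH/AECDH) are open to an
        # active man-in-the-middle, so report them separately.
        if fields.get("Au") == "None":
            return name, "anonymous"
        return name, "forward-secret"
    # RSA key transport, static (EC)DH, and anything not recognised.
    return name, "other"


def audit(text):
    """Group every suite in the given output by category, keeping order."""
    result = {"forward-secret": [], "anonymous": [], "other": []}
    for line in text.splitlines():
        if line.strip():
            name, category = classify(line)
            result[category].append(name)
    return result


if __name__ == "__main__":
    for category, names in audit(SAMPLE).items():
        print(f"{category:15} {', '.join(names)}")
```

To audit a real cipher string, feed the function the output of `openssl ciphers -v 'ALL'` (or the explicit list) in place of the sample.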

