Re: httpd vs TLS

To: wiz%NetBSD.org@localhost
Subject: Re: httpd vs TLS
From: tr%vispaul.me@localhost
Date: Thu, 17 Mar 2016 10:31:08 -0400

On 2016-03-16 18:19, Thomas Klausner wrote:

Then I tried connecting to https://wip.pkgsrc.org and firefox wenthaywire.

What version of Firefox? You may want to try adjusting the cipher list,withthe "-z” flag. I personally use the intermediate compatibility list fromMozilla

instead of the httpd defaults:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

Without using that cipher list I get a SSL_ERROR_NO_CYPHER_OVERLAP inFirefox 45

and httpd logs the error:
SSL Error: SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

I’m not a crypto expert so I rely on the list provided by Mozilla. Wemay need

to revise the default cipher list.

- Travis P

Follow-Ups:
- Re: httpd vs TLS
  - From: Thomas Klausner

References:
- httpd vs TLS
  - From: Thomas Klausner

Prev by Date: Re: httpd vs TLS
Next by Date: Re: httpd vs TLS
Previous by Thread: Re: httpd vs TLS
Next by Thread: Re: httpd vs TLS
Indexes:

Home | Main Index | Thread Index | Old Index