Re: httpd vs TLS

To: Mateusz Kocielski <shm%digitalsun.pl@localhost>
Subject: Re: httpd vs TLS
From: tr%vispaul.me@localhost
Date: Thu, 17 Mar 2016 16:46:02 -0400

On 2016-03-17 16:30, Mateusz Kocielski wrote:

older browsers have troubles in connecting to bozo as it's current
configuration is too restrictive.


Trying the Intermediate compatibility cipher list should fix it:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

I've tested it with Firefox 45 and httpd from current with somethinglike:


CIPHERS="... list of ciphers from link ..."

/usr/libexec/httpd -b -f -X -s -z $CIPHERS -Z /root/my.cert /root/my.key/var/www

And that worked for me, the default cipher list compiled into httpd is abit toorestrictive for Firefox and older browsers. I didn't need to enable TLS1.0 or

recompile in my test.

Follow-Ups:
- Re: httpd vs TLS
  - From: Thomas Klausner

References:
- httpd vs TLS
  - From: Thomas Klausner
- Re: httpd vs TLS
  - From: tr
- Re: httpd vs TLS
  - From: Thomas Klausner
- Re: httpd vs TLS
  - From: Martin Husemann
- Re: httpd vs TLS
  - From: Thomas Klausner
- Re: httpd vs TLS
  - From: Mateusz Kocielski

Prev by Date: Re: httpd vs TLS
Next by Date: Re: httpd vs TLS
Previous by Thread: Re: httpd vs TLS
Next by Thread: Re: httpd vs TLS
Indexes:

Home | Main Index | Thread Index | Old Index