NetBSD-Users archive


Re: Problem with httpd and openssl on NetBSD-7.1



Aaron B. <aaron%zadzmo.org@localhost> wrote:

> On Mon, 01 May 2017 13:20:17 +0200
> Christopher Pinon <cjpinon%secondfloor.xyz@localhost> wrote:
> 
> > - When I try to connect to my site via https using Firefox, Firefox
> >   gives the error message: "Cannot communicate securely with peer: no
> >   common encryption algorithm(s). Error code:
> >   SSL_ERROR_NO_CYPHER_OVERLAP"
> 
> There's your problem here; Firefox and httpd can't find a common
> algorithm.
> 
> Try explicitly setting a cipher list in httpd; according to the man page
> '-z' should do it. I recommend starting with Cloudflare's cipher list as this
> quickly gets very complicated and annoying.
> 
> https://support.cloudflare.com/hc/en-us/articles/200933580-What-cipher-suites-does-Cloudflare-use-for-SSL-

Thanks, Aaron, explicitly setting this list solved the Firefox problem!

The SSL Server Test of ssllabs.com still gives me a score of A-, because
the lack of Forward Secrecy is apparently still an issue, but now it's
at least clear that the Firefox problem wasn't caused by the lack of
Forward Secrecy per se.

C.
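
Added example (not part of the original message): a small Python model of the two separate conditions in this thread, no shared cipher versus a shared cipher without forward secrecy. The cipher lists are constructed samples using OpenSSL cipher names, not the poster's configuration; the function names are hypothetical and server-side preference order is assumed.

```python
# Added example: models cipher negotiation for TLS 1.2 and earlier.
# Names follow OpenSSL's cipher naming; all lists are constructed samples.

# Ephemeral (EC)DH key exchange is what provides forward secrecy.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def parse_list(cipher_string):
    """Split a colon-separated list of explicit cipher names."""
    return [c.strip() for c in cipher_string.split(":") if c.strip()]


def has_forward_secrecy(cipher):
    return cipher.startswith(FS_PREFIXES)


def audit(server_string, client_string):
    """Pick the first server-preferred cipher the client also offers
    (assumes the server enforces its own preference order)."""
    server = parse_list(server_string)
    client = set(parse_list(client_string))
    overlap = [c for c in server if c in client]
    chosen = overlap[0] if overlap else None
    return {
        "chosen": chosen,  # None corresponds to a no-overlap handshake failure
        "forward_secrecy": chosen is not None and has_forward_secrecy(chosen),
        "fs_in_overlap": [c for c in overlap if has_forward_secrecy(c)],
    }


# Constructed client offer (hypothetical browser).
CLIENT = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
          "ECDHE-RSA-AES128-SHA:AES128-SHA")

# Constructed server lists, one per outcome.
SERVERS = {
    "no overlap": "RC4-SHA:CAMELLIA256-SHA",
    "connects, no FS": "AES256-SHA:AES128-SHA",
    "FS listed last": "AES128-SHA:ECDHE-RSA-AES128-SHA",
    "FS preferred": "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA",
}

if __name__ == "__main__":
    for label, ciphers in SERVERS.items():
        print(label, audit(ciphers, CLIENT))
```

The "FS listed last" case shows why a list can contain forward-secret suites and still negotiate without forward secrecy: under server preference, order in the list decides.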

