[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Problem with httpd and openssl on NetBSD-7.1
> +1 on the thanks - my bozohttpd+SSL seemingly stopped working with firefox
> several years ago and after fiddling around with it for a day w/o success
> I dropped the encryption as it was a LAN-only setup. I guess I misunderstood
> the man-page WRT the -Z option; "It also causes bozohttpd to start SSL
> mode" seemed to suggest there wasn't anything else needed since one
> generally expects the browser to do the negotiations for you.
> For anyone else: look at CIPHER LIST FORMAT in openssl_ciphers(1) for
> cipher string format. I just used '-z ALL' as I don't really care about
> the particulars and I'm using a self-signed cert.
Jeff, thanks for the reminder of that man page. I've just tried '-z
ALL', which similarly makes Firefox happy, but unfortunately, the score
that I then get at ssllabs.com drops to B. :-( In this respect, the
explicit listing that Aaron referred me to is more successful, because
the score in this case is A-.
I've now begun to suspect that httpd doesn't (yet?) support a cipher
suite with Forward Secrecy (this is the obstacle to a score of A), but
it would be great if someone could confirm this suspicion.
Main Index |
Thread Index |