tech-security archive


Re: httpd vs TLS



On Thu, Mar 17, 2016 at 04:46:02PM -0400, tr%vispaul.me@localhost wrote:
> On 2016-03-17 16:30, Mateusz Kocielski wrote:
> >older browsers have troubles in connecting to bozo as its current
> >configuration is too restrictive.
> 
> Trying the Intermediate compatibility cipher list should fix it:
> https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
> 
> I've tested it with Firefox 45 and httpd from current with something like:
> 
> CIPHERS="... list of ciphers from link ..."
> /usr/libexec/httpd -b -f -X -s -z $CIPHERS -Z /root/my.cert /root/my.key /var/www
> 
> And that worked for me, the default cipher list compiled into httpd is a bit too
> restrictive for Firefox and older browsers.  I didn't need to enable TLS 1.0 or
> recompile in my test.

Thank you. I've added the list from the link and it seems to work fine now.

There's still one problem, but that's not for this list (redirect broken).
 Thomas

