NetBSD-Users archive


Problem with httpd and openssl on NetBSD-7.1



Hi,

I'm using NetBSD-7.1 (i386) and am trying to get (bozo)httpd (in the
base) and openssl to work well together. My certificates are from Let's
Encrypt: they're fine (I also use them for secure mail
connections). Here's what I'm experiencing with httpd:

- When I try to connect to my site via https using Firefox, Firefox
  gives the error message: "Cannot communicate securely with peer: no
  common encryption algorithm(s). Error code:
  SSL_ERROR_NO_CYPHER_OVERLAP"

- However, using the SSL Checker of sslshopper.com, everything seems
  okay (four green checkmarks, no warnings).

- Using the SSL Server Test of ssllabs.com, I get an overall rating of
  A- with the remark: "The server does not support Forward Secrecy with
  the reference browsers. Grade reduced to A-." The detailed report also
  confirms that any recent version of Firefox will fail: "Server sent
  fatal alert: handshake_failure"

My conclusion is that the lack of Forward Secrecy is the culprit
here. What I don't know is whether there's anything that I can do about
this. Two questions:

(i) Can anyone reproduce this behavior?

(ii) Is there an easy way to solve this problem? (Short of using another
web server!)

Any feedback would be appreciated!

C.

