httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From LuKreme <krem...@kreme.com>
Subject [users@httpd] Checking SSLCiphersuite?
Date Wed, 04 Dec 2013 15:23:13 GMT
How do I checks what ciphers are available to the https compiled binary, and how do I check
with of those are active in the configuration?

Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used on a server with
a self-signed cert (there's no e-commerce or any financial data of any sort on the server).

If an existing server wants to switch so that all traffic is encrypted using DH if possible
(interested in implementing Perfect Forward Secrecy) are there any "Gotcha's" lurking in the
bushes?

If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?

To be accessible for most people (including some Windows XP users), what else do I need to
enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?

Which ones do I need to avoid?

-- 
It's like looking for the farmer's daughter in a haystack, and finding
the needle.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message