httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett @Google" <brett.maxfi...@gmail.com>
Subject Re: [users@httpd] Enabling ECDHE ciphers
Date Fri, 18 Apr 2014 03:02:15 GMT
*16-November-2013 Changes with Apache 2.2.26 (legacy)*

ASF changes:

  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
     OpenSSL 1.0.0b3.  [Vipul Gupta, Sander Temme, Stefan Fritsch]

So you need something at least 2.2.26 (the ECDH changes were
backported from 2.4)

We run 2.2.27 with 1.0.1g and it tests as an A on Qualsys (side effect
is you get Perfect Forward Security, except for some older IE
versions).

Cheers
Brett



On Fri, Apr 18, 2014 at 10:56 AM, Igor Cicimov <icicimov@gmail.com> wrote:

>
> On 18/04/2014 2:30 AM, "Hanno Böck" <hanno@hboeck.de> wrote:
> >
> > On Thu, 17 Apr 2014 12:27:37 -0400
> > Christopher Schultz <chris@christopherschultz.net> wrote:
> >
> > > I'm trying to enable (and prefer!) ECDHE ciphers for clients that can
> > > support them. I've done the obvious:
> > [...]
> > > I'm running httpd 2.2.23
> >
> > That's your problem. Get rid of that old cruft. You'll need apache 2.4
> > (for that and for many other improvements regarding ssl encryption).
> >
> No you don't i have 2.2 with latest openssl-1.0.1g on all my servers and
> TLSv1.2 and ECDHE ciphers are supported.
>
> > --
> > Hanno Böck
> > http://hboeck.de/
> >
> > mail/jabber: hanno@hboeck.de
> > GPG: BBB51E42
>



-- 
Whenever you find yourself on the side of the majority, it is time to pause
and reflect.

- Mark Twain

Mime
View raw message