[Ach] Disabling anonymous ciphers
Christian Rishøj
christian at rishoj.net
Mon Jan 6 16:39:21 CET 2014
On 6 Jan 2014, at 15:23, Aaron Zauner <azet at azet.org> wrote:
>>> This server supports anonymous (insecure) suites (see below for
>>> details). Grade set to F.
>
> [...]
>
>> Did I screw up? If not, I think the guide could use either a
>> correction or an explanation.
>
> Please use the configurations provided in the Paper on bettercrypto.org

Thanks, seeing a grade "A" from SSLLabs now.

Actually, an old leftover configuration directive in a VirtualHost segment – and not the duraconf value – was probably to blame for the anonymous ciphers.

On a related note, the handshake simulations as IE6/XP and IE8/XP are failing:

> Protocol or cipher suite mismatch

I should mention that I have not confirmed this using an actual IE 6 browser, and that SSLLabs puts this footnote on the result: "Only first connection attempt simulated. Browsers tend to retry with a lower protocol version."

Is it known to be a non-issue?

Thanks,
Christian
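
A check for the failure mode reported in the message above, where a leftover `SSLCipherSuite` inside a VirtualHost replaces the intended setting. This is an added example, not part of the original post; the sample configuration, its cipher strings and the function names are constructed for illustration. A spec without `!aNULL` is only flagged for review, since the text alone does not prove anonymous suites are offered.

```python
import re
import shlex

# Constructed sample (not from the original post): a global cipher string that
# excludes anonymous suites, plus a leftover per-vhost override that does not.
SAMPLE_CONF = """\
SSLCipherSuite EECDH+aRSA+AESGCM:EDH+aRSA:!aNULL:!eNULL:!LOW
<VirtualHost *:443>
    ServerName old.example.org
    # leftover from an earlier setup
    SSLCipherSuite ALL:!LOW:!EXP
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.org
</VirtualHost>
"""

def find_cipher_directives(conf_text):
    """Return (line_no, scope, cipher_spec) for every SSLCipherSuite directive."""
    scope, found = "global", []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = f"VirtualHost {opened.group(1).strip()} (line {line_no})"
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            scope = "global"
        elif re.match(r"SSLCipherSuite\s", line, re.I):
            # The cipher spec is the last argument; an optional protocol
            # argument may precede it.
            found.append((line_no, scope, shlex.split(line)[-1]))
    return found

def excludes_anonymous(cipher_spec):
    """True only if the spec permanently removes anonymous suites via !aNULL."""
    return "!aNULL" in re.split(r"[:, ]+", cipher_spec)

def review_list(conf_text):
    """Directives to check by hand: any spec without an explicit !aNULL."""
    return [d for d in find_cipher_directives(conf_text)
            if not excludes_anonymous(d[2])]

if __name__ == "__main__":
    for line_no, scope, spec in review_list(SAMPLE_CONF):
        print(f"line {line_no} [{scope}]: no !aNULL in {spec!r}")
```

Each flagged spec can then be expanded with `openssl ciphers -v '<spec>'` to see whether any listed suite shows `Au=None`.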