[Ach] Disabling anonymous ciphers

Christian Rishøj christian at rishoj.net
Mon Jan 6 16:39:21 CET 2014

On 6 Jan 2014, at 15:23, Aaron Zauner <azet at azet.org> wrote:

>>>  This server supports anonymous (insecure) suites (see below for
>>>  details). Grade set to F.
> [...]
>>  Did I screw up? If not, I think the guide could use either a
>>  correction or an explanation.
> Please use the configurations provided in the Paper on bettercrypto.org

Thanks, seeing a grade "A" from SSLLabs now. 

Actually, an old leftover configuration directive in a VirtualHost segment – and not the duraconf value – was probably to blame for the anonymous ciphers.

On a related note, the handshake simulations as IE6/XP and IE8/XP are failing:

> Protocol or cipher suite mismatch

I should mention that I have not confirmed this using an actual IE 6 browser, and that SSLLabs puts this footnote on the result: "Only first connection attempt simulated. Browsers tend to retry with a lower protocol version."

Is it known to be a non-issue?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140106/a8ff3261/attachment.sig>

More information about the Ach mailing list