[Ach] Apache/2.2.22 (Wheezy) + FS in IE11

Kurt Roeckx kurt at roeckx.be
Tue Jan 7 23:52:20 CET 2014


On Tue, Jan 07, 2014 at 11:42:52PM +0100, Axel Hübl wrote:
> Hi,
> 
> is it possible to get FS for IE11 / Win7|8 with Apache prior to the
> tested Debian testing/jessie (2.4x) version? [1]
> 
> I am using the proposed ciphers (without camellia) with a StartSSL
> certificate (class 2).
> 
> It only ends up with
>   TLS 1.2 and TLS_RSA_WITH_AES_256_CBC_SHA
> for Apache 2.2.22 which is default in Debian stable (wheezy).
> 
> Why doesn't it agree on
>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> which has FS?

I think you need:
SSLHonorCipherOrder on

Else the order of the client is going to be used, and IE is the
only major browser that doesn't have DH/DHE at the start of the
list it sends to the servers.


Kurt




More information about the Ach mailing list