[Ach] Apache/2.2.22 (Wheezy) + FS in IE11
Axel Hübl
axel.huebl at web.de
Tue Jan 7 23:57:01 CET 2014
Hi Kurt,
that's on for sure, but ssllabs only shows the ciphers:
> Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2
> suites where used)
>
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> TLS_RSA_WITH_AES_256_CBC_SHA
> TLS_RSA_WITH_AES_128_CBC_SHA
so I guess it's about the "old" Apache?
Best,
Axel
On 07.01.2014 23:52, Kurt Roeckx wrote:
> On Tue, Jan 07, 2014 at 11:42:52PM +0100, Axel Hübl wrote:
>> Hi,
>>
>> is it possible to get FS for IE11 / Win7|8 with Apache prior to
>> the tested Debian testing/jessie (2.4x) version? [1]
>>
>> I am using the proposed ciphers (without camellia) with a
>> StartSSL certificate (class 2).
>>
>> It only ends up with TLS 1.2 and TLS_RSA_WITH_AES_256_CBC_SHA for
>> Apache 2.2.22 which is default in Debian stable (wheezy).
>>
>> Why doesn't it agree on TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA which
>> has FS?
>
> I think you need: SSLHonorCipherOrder on
>
> Else the order of the client is going to be used, and IE is the
> only major browser that doesn't have DH/DHE at the start of the
> list it sends to the servers.
>
>
> Kurt
>
>
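An added example, not part of the original thread: a small model of how the negotiated suite depends on whose preference order wins, which is what `SSLHonorCipherOrder` switches. The server list is the one from the SSL Labs output quoted above; the two client offers and all function names are constructed assumptions, not captured from any real browser.

```python
# Server suites exactly as listed in the SSL Labs output quoted in the thread,
# in server-preferred order.
SERVER_SUITES = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Constructed client offers (assumptions): one puts plain RSA ahead of DHE,
# the other offers ECDHE and plain RSA but no DHE at all.
CLIENT_RSA_FIRST = [
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
CLIENT_ECDHE_AND_RSA_ONLY = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

def has_forward_secrecy(suite):
    """Ephemeral (EC)DH key exchange is what provides forward secrecy."""
    return suite.startswith(("TLS_DHE_", "TLS_ECDHE_"))

def negotiate(client_offer, server_suites, honor_server_order):
    """First mutually supported suite, walking the list of the side whose order wins."""
    first, second = (server_suites, client_offer) if honor_server_order else (client_offer, server_suites)
    return next((s for s in first if s in second), None)  # None: no common suite

def report(client_offer):
    """Map the SSLHonorCipherOrder setting to (chosen suite, forward secrecy?)."""
    out = {}
    for honor in (False, True):
        suite = negotiate(client_offer, SERVER_SUITES, honor)
        out[honor] = (suite, suite is not None and has_forward_secrecy(suite))
    return out

if __name__ == "__main__":
    for name, offer in [("RSA first", CLIENT_RSA_FIRST), ("ECDHE+RSA only", CLIENT_ECDHE_AND_RSA_ONLY)]:
        for honor, (suite, fs) in report(offer).items():
            print(f"{name:15} SSLHonorCipherOrder {'on ' if honor else 'off'} -> {suite} FS={fs}")
```

The second offer shows the limit of the directive: reordering can only choose among suites both sides list, so a client whose only forward-secret suites are ECDHE gets none from a server list without ECDHE entries.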