[Ach] Apache/2.2.22 (Wheezy) + FS in IE11

Aaron Zauner azet at azet.org
Wed Jan 8 10:55:14 CET 2014 

Axel Hübl wrote:
> I also checked my "openssl ciphers -V" on wheezy again and ECDHE is
> supported there, too.
Unfortunately it's not by apache. You can use the Backports or compile
by hand though.

Aaron






On Wed, Jan 8, 2014 at 12:15 AM, Axel Hübl <axel.huebl at web.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 08.01.2014 00:07, Kurt Roeckx wrote:
> > On Tue, Jan 07, 2014 at 11:57:01PM +0100, Axel Hübl wrote:
> >> Hi Kurt,
> >>
> >> that's on for sure, but ssllabs only shows the ciphers:
> >>
> >>> Cipher Suites (SSL 3+ suites in server-preferred order, then
> >>> SSL 2 suites where used)
> >>>
> >>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> >>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> >>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> >>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> >>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> >>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
> >>> TLS_RSA_WITH_AES_128_CBC_SHA
> >>
> >> so I guess its about the "old" apache?
> >
> > That's most likely an apache 2.2 version then?  The version in
> > wheezy doesn't do ECDHE, but we might backport that.  The version
> > in Jessie does.
> >
> >
> > Kurt
>
> Yes, it is only a 2.2.22 in wheezy right now.
>
> > The version in wheezy doesn't do ECDHE, but we might backport
> > that.
> Well, that would be great! :)
>
> (Even if I have to choose between:
>    no FS for IE11 vs
>    no security patches for backports vs
>    full testing system on a production server)
>
> I also checked my "openssl ciphers -V" on wheezy again and ECDHE is
> supported there, too.
>
> Best,
> Axel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.15 (GNU/Linux)
>
> iQJ8BAEBCgBmBQJSzIqnXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDMjAzN0EzNzlGM0JGMzFGQ0VFOTJDNENE
> RDNGNjFFNUYxMTMyRjY1AAoJEN0/YeXxEy9lLQsP/AqPp03QBVBSH8Zi/nM66NJR
> ZNz8av/kPpQd7q3/03GC9nfQdXxadAXrkzzXHsd1/8jbAxQs6VNeUo2uQO1RbKC7
> RwRSyJkduMLusoxUQNL0tnyVZrhUwuf3+hi5xwq+8dfEe/QxaJTGpKUFfl7zo/1/
> SoaIFHsPI8qFXcXEtuj2hUwEMkJdIZiov8b2ofECOLaM+O9zCbFj1hyvSzZSN3iw
> Cw7t16wKdc+tuL0gZLE41/liRsBxUVwWYQlWG5LUgaWhfFStDZUcxQWp/kLkcoFs
> w8aL6+eD7SpVywELTr4QrHiU5bTIRqjoE2s7key4H/saSs5euRU2jniDFjB91RnD
> xRAcVYdqHW6qkuc7SwLdFcjSxmymXxI3bCoyw38M07zQ5VHjawql7Mef0q6Q1Fa7
> mkT1pDOUAHj//gvjYIGLsiE3ZuSMePp635V6oJJHx+uunVE+vCnd8+6QJeuAEJAR
> uYoDrWieS4gBCtdbjKd3rjZLEt1iY3Sxkj7iqdgzpckadf42m90pK7UR55cr36St
> z/XLdELHwryydLkXCAkP8b3SNNnM30xKX21hk6GaP0f3QaAiWwG62xgIe+xkr/As
> Tu7opsZW1V5NadwO6wwwutWjaRz725iJOngpR/4tiWKNgAbbFoUqsj04tDBlceAi
> CYTRv2c1fA1QQuHlw3Rj
> =+TsD
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140108/7352761c/attachment.html>

More information about the Ach mailing list