<div dir="ltr"><div>Axel Hübl wrote:</div><div>> I also checked my "openssl ciphers -V" on wheezy again and ECDHE is</div><div>> supported there, too.</div><div>Unfortunately it's not by apache. You can use the Backports or compile</div>
<div>by hand though.</div><div><br></div><div>Aaron</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jan 8, 2014 at 12:15 AM, Axel Hübl <span dir="ltr"><<a href="mailto:axel.huebl@web.de" target="_blank">axel.huebl@web.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
</div><div class="im">On 08.01.2014 00:07, Kurt Roeckx wrote:<br>
> On Tue, Jan 07, 2014 at 11:57:01PM +0100, Axel Hübl wrote:<br>
>> Hi Kurt,<br>
>><br>
>> that's on for sure, but ssllabs only shows the ciphers:<br>
>><br>
>>> Cipher Suites (SSL 3+ suites in server-preferred order, then<br>
>>> SSL 2 suites where used)<br>
>>><br>
>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384<br>
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256<br>
>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256<br>
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256<br>
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br>
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA<br>
>>> TLS_RSA_WITH_AES_128_CBC_SHA<br>
>><br>
>> so I guess its about the "old" apache?<br>
><br>
> That's most likely an apache 2.2 version then?  The version in<br>
> wheezy doesn't do ECDHE, but we might backport that.  The version<br>
> in Jessie does.<br>
><br>
><br>
> Kurt<br>
<br>
</div>Yes, it is only a 2.2.22 in wheezy right now.<br>
<div class="im"><br>
> The version in wheezy doesn't do ECDHE, but we might backport<br>
> that.<br>
</div>Well, that would be great! :)<br>
<br>
(Even if I have to choose between:<br>
   no FS for IE11 vs<br>
   no security patches for backports vs<br>
   full testing system on a production server)<br>
<br>
I also checked my "openssl ciphers -V" on wheezy again and ECDHE is<br>
supported there, too.<br>
<br>
Best,<br>
Axel<br>
<div class="im">-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.15 (GNU/Linux)<br>
<br>
</div>iQJ8BAEBCgBmBQJSzIqnXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w<br>
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDMjAzN0EzNzlGM0JGMzFGQ0VFOTJDNENE<br>
RDNGNjFFNUYxMTMyRjY1AAoJEN0/YeXxEy9lLQsP/AqPp03QBVBSH8Zi/nM66NJR<br>
ZNz8av/kPpQd7q3/03GC9nfQdXxadAXrkzzXHsd1/8jbAxQs6VNeUo2uQO1RbKC7<br>
RwRSyJkduMLusoxUQNL0tnyVZrhUwuf3+hi5xwq+8dfEe/QxaJTGpKUFfl7zo/1/<br>
SoaIFHsPI8qFXcXEtuj2hUwEMkJdIZiov8b2ofECOLaM+O9zCbFj1hyvSzZSN3iw<br>
Cw7t16wKdc+tuL0gZLE41/liRsBxUVwWYQlWG5LUgaWhfFStDZUcxQWp/kLkcoFs<br>
w8aL6+eD7SpVywELTr4QrHiU5bTIRqjoE2s7key4H/saSs5euRU2jniDFjB91RnD<br>
xRAcVYdqHW6qkuc7SwLdFcjSxmymXxI3bCoyw38M07zQ5VHjawql7Mef0q6Q1Fa7<br>
mkT1pDOUAHj//gvjYIGLsiE3ZuSMePp635V6oJJHx+uunVE+vCnd8+6QJeuAEJAR<br>
uYoDrWieS4gBCtdbjKd3rjZLEt1iY3Sxkj7iqdgzpckadf42m90pK7UR55cr36St<br>
z/XLdELHwryydLkXCAkP8b3SNNnM30xKX21hk6GaP0f3QaAiWwG62xgIe+xkr/As<br>
Tu7opsZW1V5NadwO6wwwutWjaRz725iJOngpR/4tiWKNgAbbFoUqsj04tDBlceAi<br>
CYTRv2c1fA1QQuHlw3Rj<br>
=+TsD<br>
-----END PGP SIGNATURE-----<br>
<br>
<br>_______________________________________________<br>
Ach mailing list<br>
<a href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a><br>
<a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
<br></blockquote></div><br></div>