[Ach] Apache/2.2.22 (Wheezy) + FS in IE11

Axel Hübl axel.huebl at web.de
Tue Jan 7 23:57:01 CET 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Kurt,

that's on for sure, but ssllabs only shows the ciphers:

> Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2
> suites where used)
> 
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA 
> TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA

so I guess its about the "old" apache?

Best,
Axel
On 07.01.2014 23:52, Kurt Roeckx wrote:
> On Tue, Jan 07, 2014 at 11:42:52PM +0100, Axel Hübl wrote:
>> Hi,
>> 
>> is it possible to get FS for IE11 / Win7|8 with Apache prior to
>> the tested Debian testing/jessie (2.4x) version? [1]
>> 
>> I am using the proposed ciphers (without camellia) with a
>> StartSSL certificate (class 2).
>> 
>> It only ends up with TLS 1.2 and TLS_RSA_WITH_AES_256_CBC_SHA for
>> Apache 2.2.22 which is default in Debian stable (wheezy).
>> 
>> Why doesn't it agree on TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA which
>> has FS?
> 
> I think you need: SSLHonorCipherOrder on
> 
> Else the order of the client is going to be used, and IE is the 
> only major browser that doesn't have DH/DHE at the start of the 
> list it sends to the servers.
> 
> 
> Kurt
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQJ8BAEBCgBmBQJSzIY9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDMjAzN0EzNzlGM0JGMzFGQ0VFOTJDNENE
RDNGNjFFNUYxMTMyRjY1AAoJEN0/YeXxEy9lVeoP/j8L+FVf9brqe+/FahMiQZ4Z
LIVav2rP5/n1RTDtg98bQ287KILkdDiT74TUxGaIPwmY5Yecui7O6Kol5+39KJM3
q968LT987eSAPRP/X2QVDX+fYvUfEAGzaVHeWexXP3LW45TOkuxF/YMI6TgrIdQD
0vgExVfYUA8ind2O0UWMMpNfY0wfdSQDZoD4DNmsxfb+gH6VWXGsNY5gP2Gbkhww
zXIO7ymG4qJUGoImcTtWwK48bFv90gW78+vS6hZxOQVly1Ev9wWK+3y8liQ8XUjd
ztZMdNwDLv4DTMEc0/AOoboB+7zfyn1QX0bEjWcoMgJhu91vkAm8r/dpgY2xwltT
nz3hsRtCYOGNihxvTwAg1qb1S0sTgUeScfQmW1L/6rtt9/OdRHL1wsgmN1P+tCFr
Qf5y38f7GKZhd82jGtRFcQPVopmjPSvKKCcJmd2Gx/McBjStzfKah2n9W4vFWS14
Qay2BVao3SHUn8SV7vISssQBXeBvVtzudiedAVaK5kqCAhX+095nQFhMLoodUo5A
0eZZ8gup0dKZCs/WCt0SD+X2lWfH0RHngDi8G2A7Un0cVMDwk5ggh3oGs4+tpvT5
8jPLfiD54usesSjejelSEwFwQiGkwP2aV5GpxY9J5gD64MYzLkpB/7Yu2wU1j4vC
oIoDPh9diNokHBPlczi6
=C7YX
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140107/c2e4de20/attachment.bin>

More information about the Ach mailing list