Deutsch | English

[Ach] Current cipher list (apache) and

Adi Kriegisch adi at
Thu Nov 13 08:18:48 CET 2014


> just update my apache configuration to latest cipher list of and checked the server using
> I get a report: "The server does not support Forward Secrecy with the reference browsers."
> Beneath "Handshake simulation" most reference browsers show a "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:
> Is there something missing in the cipher list?
Most probably your version of Apache (v2.2?) does not support elliptic
curves (ECDHE); therefor you won't get forward secrecy with IE (except for
IE11 on Windows 8 which supports DHE).
You may either have a look at the Debian projects version of Apache
(because they backported EC-Support to Apache 2.2) or (probably better) put
an nginx in front of Apache because only the very latest versions of Apache
support Diffie Hellman parameters stronger than 1024bit.

-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <>

More information about the Ach mailing list
Tel.: +43 1 5056416 78
mehr ...
mehr ...
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung