Yes, the browser won't see the whole list, only the selected one.
On Fri, Oct 16, 2015 at 4:33 PM, Chris <[email protected]> wrote: > ahh so only one needs to be unbanned for it to work? > > the selected cipher isnt banned no. > > On 16 October 2015 at 15:32, Yann Ylavic <[email protected]> wrote: >> Some of them are not banned, so I don't see why Chrome should complain. >> Is the selected cipher a banned one? >> >> On Fri, Oct 16, 2015 at 4:29 PM, Chris <[email protected]> wrote: >>> here is my cipher list used in mod_ssl >>> >>> SSLCipherSuite >>> ECDHE-RSA-AES128-GCM-SHA256:ECDH+AES128:ECDHE-RSA-AES256-GCM-SHA384:ECDH+AES256:ECDH+3DES:CHACHA20+POLY1305:DHE-RSA-AES128-SHA:RSA+3DES:!aNULL:!MD5 >>> >>> note tho poly1305 doesnt work so ignore that one. >>> >>> On 16 October 2015 at 14:37, Eric Covener <[email protected]> wrote: >>>> On Fri, Oct 16, 2015 at 9:28 AM, Chris <[email protected]> wrote: >>>>> interesting that chrome is happily using h2 on my domain that I >>>>> activated for h2 earlier and I have a couple of banned ciphers in >>>>> mod_ssl. >>>> >>>> >>>> unbanned ones listed earlier, or no SSLHonorCipherOrder?
