>> Thanks for the link. Which ssl_ciphers do you use? Which one does >> openssl show you're using? I have: >> >> ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH; >> >> and 'openssl s_client -host HOSTNAME -port 443' shows: >> >> Cipher : ECDHE-RSA-AES256-GCM-SHA384 >> >> I also get "Verify return code: 20 (unable to get local issuer >> certificate)" from that command but I'm guessing that's OK since I get >> the same when using www.google.com as the HOSTNAME. >> >> - Grant >> > > I use exactly the one specified at the blog entry.
OK but the only one posted in the blog entry is the problematic one: ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:RC4 RSA: HIGH; - Grant
