System is Ubuntu 12.04 LTS server, with openssl 1.0.1 and haproxy 1.5.9

    OpenSSL> version
    OpenSSL 1.0.1 14 Mar 2012


I'm currently using the following, started with the suggested [stanzas][1] 
(formatted for readability, it is one long line in my config):

    bind 0.0.0.0:443 ssl crt mycert.pem no-tls-tickets ciphers \
        ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384: \
        ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: \
        ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256: \
        AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3

[1]: https://gist.github.com/rnewson/8384304

ssllabs.com indicates FS is not used. When I disable all algorithms except the 
ECDHE ones, I get SSL connection error (ERR_SSL_PROTOCOL_ERROR), so something 
on the system doesn't support FS.

Any ideas?


-- 
Sander Rijken
