Dear Gustaf, Yes, I suppose is very rough but to have some reference.
My openssl setup (Debian): >openssl version OpenSSL 1.0.1e 11 Feb 2013 It seems to be same version. Might be something with the certificate (mine is StartComm Class 1)? I'll rebuild naviserver. One question, nssl builds from HEAD or I had to change something? Cesáreo El 05/abril/14 07:12, Gustaf Neumann escribió: > Dear Cesáreo, > > it is the same grade (which is a very rough and imprecise rating), but > on your site, > there is no FS used for any browser. i've now configured the below > cipher set & protocols on next-scripting.org, and if you compare > e.g. the output Android 2.3.7, next-scripting has FS, but cesareox not. > > Android 2.3.7 > <https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=2.3.7> > No SNI ^2 TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (|0x33|) FS > 128 > > > Maybe you are using an older version of OpenSSL. I've updated just now > nsssl > on bitbucket to report the OpenSSL version number to the log file. On > next-scripting, it says: > > Notice: nsssl: version 0.4 loaded, based on OpenSSL 1.0.1e-fips 11 > Feb 2013 > > This is the version number coming with Fedora release 20 (Heisenbug). > Please check, what you get. > > Best regards > -g > > Am 04.04.14 23:00, schrieb Cesáreo García Rodicio: >> I get the same A- grade: >> https://www.ssllabs.com/ssltest/analyze.html?d=cesareox.com (because of PFS) >> >> My ciphers and protocols: >> >> ns_param ciphers >> "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK" >> ns_param protocols "SSLv3, TLSv1" >> >> As seen on: >> https://wiki.mozilla.org/Security/Server_Side_TLS >> > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > naviserver-devel mailing list > naviserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > ------------------------------------------------------------------------------ _______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
