Hi, I'm using NetBSD-7.1 (i386) and am trying to get (bozo)httpd (in the base) and openssl to work well together. My certificates are from Let's Encrypt: they're fine (I also use them for secure mail connections). Here's what I'm experiencing with httpd:
- When I try to connect to my site via https using Firefox, Firefox gives the error message: "Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"
- However, using the SSL Checker of sslshopper.com, everything seems okay (four green checkmarks, no warnings).
- Using the SSL Server Test of ssllabs.com, I get an overall rating of A- with the remark: "The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-." The detailed report also confirms that any recent version of Firefox will fail: "Server sent fatal alert: handshake_failure"

My conclusion is that the lack of Forward Secrecy is the culprit here. What I don't know is whether there's anything that I can do about this.

Two questions:
(i) Can anyone reproduce this behavior?
(ii) Is there an easy way to solve this problem? (Short of using another web server!)

Any feedback would be appreciated!

C.