j...@sdf.org wrote:
> +1 on the thanks - my bozohttpd+SSL seemingly stopped working with firefox
> several years ago and after fiddling around with it for a day w/o success
> I dropped the encryption as it was a LAN-only setup. I guess I misunderstood
> the man-page WRT the -Z option; "It also causes bozohttpd to start SSL
> mode" seemed to suggest there wasn't anything else needed since one
> generally expects the browser to do the negotiations for you.
>
> For anyone else: look at CIPHER LIST FORMAT in openssl_ciphers(1) for
> cipher string format. I just used '-z ALL' as I don't really care about
> the particulars and I'm using a self-signed cert.

Jeff, thanks for the reminder of that man page.

I've just tried '-z ALL', which similarly makes Firefox happy, but unfortunately, the score that I then get at ssllabs.com drops to B. :-( In this respect, the explicit listing that Aaron referred me to is more successful, because the score in this case is A-.

I've now begun to suspect that httpd doesn't (yet?) support a cipher suite with Forward Secrecy (this is the obstacle to a score of A), but it would be great if someone could confirm this suspicion.

C.
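
One way to see what a cipher string such as 'ALL' expands to, and which of those suites offer forward secrecy, as an added example that is not part of the original thread: it classifies lines in the `openssl ciphers -v` layout by their `Kx=`, `Au=` and `Enc=` fields. The function names `fs_report` and `count_verdict` are hypothetical, the sample lines are constructed, and the code assumes the OpenSSL 1.1 and later output where `Kx=ECDH` and `Kx=DH` denote ephemeral exchanges.

```shell
#!/bin/sh
# Added example: classify `openssl ciphers -v` lines by key exchange.
# fs_report reads such lines on stdin and prints "<verdict> <suite>" per suite:
#   FS   = forward-secret key exchange
#   NOFS = no forward secrecy (e.g. RSA key transport)
#   WEAK = anonymous (Au=None) or legacy/absent encryption, regardless of Kx
fs_report() {
    awk '
    NF >= 3 {
        kx = ""; au = ""; enc = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Au=/)  au  = substr($i, 4)
            if ($i ~ /^Enc=/) enc = substr($i, 5)
        }
        # Ephemeral (EC)DH, or TLS 1.3 where the key exchange is always ephemeral
        fs   = (kx == "ECDH" || kx == "DH" || kx == "any")
        weak = (au == "None" || enc ~ /^(None|RC4|3DES|DES)/)
        if (weak)    v = "WEAK"
        else if (fs) v = "FS"
        else         v = "NOFS"
        print v, $1
    }'
}

# count_verdict VERDICT: number of suites on stdin that received that verdict
count_verdict() {
    fs_report | awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# Constructed sample in `openssl ciphers -v` layout (not captured from a server)
SAMPLE='TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1'

printf '%s\n' "$SAMPLE" | fs_report
```

Piping `openssl ciphers -v 'ALL'` into `fs_report` shows what the local OpenSSL expands the string to; it does not show which suite the server ends up negotiating with a given client.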