> Colony.three via openssl-users wrote:
>
>> I've set mine to test this comprehensively. (Apache and NginX) With
>> Apache Firefox -ignores- server-prescribed ciphers and chooses an EC.
>> NginX does properly prevail with the algo. Was this an accident, Apache?
>>
>> I'd suggest to read the Apache httpd docs first:
>>
>> https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder
So you think I didn't use this.
For those who are aware, I implied this by intentionally using the word
'insist' WRT NginX. I could have overtly said what proper options I'd used for
every case in every instance, but I was hoping ppl here would see.
This is why I believe this is not an accident.
Hear about the [HP keylogging
case](http://www.bbc.com/news/technology-42309371) recently? Do you think a
keylogger is actually used in testing of a keyboard driver, in practice?
How about you actually try SSLHonorCipherOrder on in Apache, Michael, and try
the different cipher combinations? Let us know how it works out.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
