Based on the cipher string you've provided, I see the ciphers you're looking for in openssl ciphers -v output.
Have you selected a ECDH Curve? Do you see any ECDH ciphers in the list? Also review http://www.apsis.ch/pound/pound_list/archive/2014/2014-10/1414097953000 Specifically you need (globally) ECDHCurve prime256v1 And in your listeners: Disable SSLv3 SSLAllowClientRenegotiation 0 SSLHonorCipherOrder 1 Ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:-3DES:!MD5:!EXP:!PSK:!SRP:!DSS:3DES" (or your ciphers line, whichever) Ensure that DH_LEN=2048 in your makefile The above config gives me the ciphers you list, plus an A on SSL labs. ------ Joe CONFIDENTIALITY STATEMENT The documents and communication included in this email transmission may contain confidential information. All information is intended only for the use of the above named recipient(s). If you are not the named recipient, you are NOT authorized to read, disclose, copy, distribute, or take any action on the information and any action other than immediate delivery to the named recipient is strictly prohibited. If you have received this email in error, do NOT read the information and please immediately notify sender by telephone and email and immediately delete this email. If you are the named recipient, you are NOT authorized to reveal any of this information to any unauthorized person and are hereby instructed to delete this email when no longer needed. On 3/8/16, 3:20 AM, "Pound" <[email protected]> wrote: >Am 04.03.16 um 15:47 schrieb Pound: >> On 03.03.16 17:58, [email protected] wrote: >>> "Disable SSLv3" >>> This HTTPS listener config directive makes this work... >>> /Thomaw >> >> Thank you very much! Do you also know how to add these ciphers? >> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 >> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > >*bump* >The question is still unanswered. Anyone knows how to do this? > > >-- >To unsubscribe send an email with subject unsubscribe to [email protected]. >Please contact [email protected] for questions.
