On 08.03.16, 17:08, Joe Gooch wrote: > Based on the cipher string you've provided, I see the ciphers you're looking > for in openssl ciphers -v output. > > Have you selected a ECDH Curve? Do you see any ECDH ciphers in the list? > > Also review > http://www.apsis.ch/pound/pound_list/archive/2014/2014-10/1414097953000 > > > Specifically you need (globally) > ECDHCurve prime256v1 > > And in your listeners: > Disable SSLv3 > SSLAllowClientRenegotiation 0 > SSLHonorCipherOrder 1 > > Ciphers > "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:-3DES:!MD5:!EXP:!PSK:!SRP:!DSS:3DES" > > > (or your ciphers line, whichever)
Thank you for this info. However: > Ensure that DH_LEN=2048 in your makefile How can I tell? I'm using the FreeBSD-Port: https://svnweb.freebsd.org/ports/head/www/pound Can I just add this to the rest of the port options, if necessary? -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
