On 27.06.2016 at 18:41, Tom Horsley wrote:
On Mon, 27 Jun 2016 10:25:56 -0600 Orion Poplawski wrote:
Secure Connection Failed

A lot of older browsers have been failing recently on https web sites because the newer apache refuses to speak many of the older encryption protocols (I guess the same group that did in all the encryption algorithms in sshd got to these too). Don't know if that is what is going on with koji, but it might be. (I'm not actually sure how to tell)

"Cipher Suites (sorted by strength as the server has no preference)" combined with RC4 does not sound like that
the only positive thing which can be said is SHA256 certs

is it *really* that hard to configure TLS proper?

SSLProtocol All -SSLv2 -SSLv3
SSLFIPS Off
SSLCompression Off
SSLInsecureRenegotiation Off
SSLSessionTickets Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MEDIUM

is it really that hard to set "ServerTokens Prod" in the config instead of blowing out modules and versions?

[harry@srv-rhsoft:~]$ curl --head --insecure https://koji.rpmfusion.org/koji/
HTTP/1.1 200 OK
Date: Mon, 27 Jun 2016 16:52:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_auth_kerb/5.4 mod_wsgi/3.4 Python/2.7.5
Content-Length: 11993
Allow: GET, POST, HEAD
AppTime: D=290432
AppServer: koji01.online.rpmfusion.net
Content-Type: text/html; charset=UTF-8
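
A small linter for the directives named in the message above, added here as an example and not part of the original post or of any project's code. The function names and the WEAK sample are constructed, and it assumes every directive is set explicitly in one flat config text.

```python
import re

# Values the message above asks for; keys are lower-cased directive names.
EXPECTED = {"sslhonorcipherorder": "on", "sslcompression": "off",
            "sslinsecurerenegotiation": "off", "sslsessiontickets": "off",
            "servertokens": "prod"}
OLD_PROTOCOLS = {"sslv2", "sslv3"}

def parse_directives(conf):
    # Directive names are case-insensitive; the last occurrence wins.
    found = {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0][0] not in "#<":
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def enabled_old_protocols(args):
    # Left-to-right evaluation; "All" is assumed to enable both (conservative).
    on = set()
    for tok in args.lower().split():
        name = tok.lstrip("+-")
        if tok.startswith("-"):
            on.discard(name)
        elif name == "all":
            on |= OLD_PROTOCOLS
        elif name in OLD_PROTOCOLS:
            on.add(name)
    return sorted(on)

def audit(conf):
    d = parse_directives(conf)
    findings = [f"{name}: expected {want}, got {d.get(name) or 'unset'}"
                for name, want in EXPECTED.items()
                if d.get(name, "").lower() != want]
    findings += [f"sslprotocol: {p} not disabled"
                 for p in enabled_old_protocols(d.get("sslprotocol", "all"))]
    findings += [f"sslciphersuite: offers {c}"
                 for c in d.get("sslciphersuite", "").split(":")
                 if c[:1] not in ("!", "-") and "RC4" in c.upper()]
    return findings

def leaks_version(server_header):
    return re.search(r"/\d", server_header) is not None

# Constructed sample, not taken from any real server.
WEAK = """SSLProtocol All -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:!LOW
ServerTokens OS"""
```

`audit(WEAK)` returns one finding per deviation, and `leaks_version()` takes the value of a `Server:` response header such as the one in the curl output above.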
