Hi All,
I recall testing this project a LONG time ago when it was in alpha/beta. It has
come a long way and I now have a case to use Zen but am running into an issue.
No matter what I have tried, we are having an issue with iOS 9 and the new ATS
requirement. In essence I cannot find a set of ciphers (or any setting) that
will allow iOS 9 to connect through Zen when I am offloading SSL. The certs
meet all the requirements, they worked for this purpose on AWS ELB and directly
on nginx so we know they are good. I have tried at least a dozen cipher
combinations. No matter what, when I test with the SSL Labs test it always
fails. I only saw a brief discussion about weak ciphers related to Zen on this
list or somewhere. It had some mentions about changes to OpenSSL through SSH
but not enough information to go on.
Current cipher list: ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
I also tested this set, which is what Cloudflare recommended and gives us an
A- using Zen on SSL Labs testing:
EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
Either way I am looking to see if there is some info or solution out there for
this. I’d rather keep Zen and even push the client towards a paid option if it
works out. Otherwise I guess I have to go back to HAProxy which I’d rather not.
Thanks!
- - - - -
Scott Berry
Lead Developer | Boom! Payments
m: 1.661.478.7144
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support