Re: Enabling ECDHE ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

16-November-2013 Changes with Apache 2.2.26 (legacy)
ASF changes:

  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
     OpenSSL 1.0.0b3.  [Vipul Gupta, Sander Temme, Stefan Fritsch]

So you need something at least 2.2.26 (the ECDH changes were backported from 2.4)
We run 2.2.27 with 1.0.1g and it tests as an A on Qualsys (side effect is you get Perfect Forward Security, except for some older IE versions).
Cheers
Brett


On Fri, Apr 18, 2014 at 10:56 AM, Igor Cicimov <icicimov@xxxxxxxxx> wrote:


On 18/04/2014 2:30 AM, "Hanno Böck" <hanno@xxxxxxxxx> wrote:
>
> On Thu, 17 Apr 2014 12:27:37 -0400
> Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > I'm trying to enable (and prefer!) ECDHE ciphers for clients that can
> > support them. I've done the obvious:
> [...]
> > I'm running httpd 2.2.23
>
> That's your problem. Get rid of that old cruft. You'll need apache 2.4
> (for that and for many other improvements regarding ssl encryption).
>
No you don't i have 2.2 with latest openssl-1.0.1g on all my servers and TLSv1.2 and ECDHE ciphers are supported.

> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@xxxxxxxxx
> GPG: BBB51E42




--
Whenever you find yourself on the side of the majority, it is time to pause and reflect.

- Mark Twain
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux