Re: ssl_error_rx_unexpected_server_key_exch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 15, 2010 at 6:43 PM, Ricardo Stella <stella@xxxxxxxxx> wrote:

Hello,

We're getting these errors on some of our web servers (different
instances running on different ports) being detected by Firefox 3.6.9+

This happens after about a week of normal use.  A restart temporarily
fixes the problem, but we have not been able to find a solution from the
server side.

Tried different iterations of the SSLProtocol and SSLCipherSuite but not
able to get to one that works.  I've posted and got no answers back.
Supposedly the problem is Firefox does not like SSL DHE cipher suites,
however there's no documentation on how to 'fix it' from the server side.

Currently, I have the following (and still doesn't work):

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!kEDH:+HIGH:!MEDIUM

Thank you.
Not sure if this will help with what you are seeing, but I used the info available here to setup the SSLCipherSuite etc settings:
 
http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/
 
In particular this might be of some use
 
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder
 
The settings I use are:
 
SSLProtocol TLSv1 SSLv3
SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL
SSLHonorCipherOrder on
and have not seen any problems with Firefox (or any other browser) so far...
 
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux