On Tue, 2016-09-13 at 16:03 +0100, Nux! wrote: > Nikos, > > Thanks for that, it will take me a bit to digest it. > The cert might be as you suspect since it's a letsencrypt one. Could you paste the text form of your certificate (not key) as reported by certtool or openssl x509? >From certtool you should see something like: Key Purpose (not critical): TLS WWW Server. Key Usage (critical): Digital signature. Key encipherment. The Digital signature part of the key usage enables the DHE and ECDHE ciphersuites (forward secrecy). regards, Nikos
