On Tue, 17 Dec 2013 18:52, d...@fifthhorseman.net said: > I think it depends on what flavor of IE you're using (and what version > of the underlying OS you're using as well). The version of schannel in
Seems so. I updated my Windows 7 box to IE11 with no channel. Maybe I need to update more. Anywa IE11 seems to pretty new. > If you want to be able to support these systems, you may need to add a > low-priority "Lowest Common Denominator" ciphersuite to match them. > Sadly, that seems likely to be TLS_RSA_WITH_3DES_EDE_CBC_SHA, unless Okay, IE users are anyway on Windows. So why provide PFS for an OS that may have a direct path to Maryland anyway. > supported by XP's native TLS stack). I've never even tried to get a DSA > certificate for a web server from any member of the CA cartel. Have you? No. I recall that I tried to get a certificate for mail use to test my DSA code in gpgsm but I was not able to get one. The customer then dropped the DSA support from the requirements list. For web servers this should be possible - why else do they add those algorithms. After all that could be a selling point for an E+V certificate - if they could only find a new color. > lowest-common-denominator ciphersuite unless it's the only one they > support, you should probably set "SSLHonorCipherOrder 1" in your pound Did exactly that for the g10code site buy now. I'll fix the intermediate CAcert certifciate problem tomorrow. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users