Hi, If you use the recommendation for nginx and configure the ciphers to AES256+EECDH:AES256+EDH with HTTP2 enabled your Chrome users will get: ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
There'a an issue thread here which is closed with WontFix: https://code.google.com/p/chromium/issues/detail?id=545757 You could add ECDHE-RSA-AES128-GCM-SHA256 to your cipherlist to satisfy an HTTP2 MUST requirement: "To avoid this problem causing TLS handshake failures, deployments of HTTP/2 that use TLS 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [TLS-ECDHE] with the P-256 elliptic curve [FIPS186]." Best regards, Maciej Soltysiak DNSCrypt Poland https://dnscrypt.pl/ On Wed, Feb 3, 2016 at 8:10 AM, A. Schulze <[email protected]> wrote: > Hello, > > MAAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group, just > published a > Recommendations for Using Forward Secrecy: > > https://www.m3aawg.org/sites/default/files/m3aawg-forward-secrecy-recommendations-2016-01.pdf > > As our company is a MAAWG member I could give feedback to the authors if > necessary. > > Andreas > > _______________________________________________ > Ach mailing list > [email protected] > http://lists.cert.at/cgi-bin/mailman/listinfo/ach >
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
