Hi, it´s possible that the entry is going wron in this mail?
kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED the "k" in front of some entrys? Like those https://www.kuketz-blog.de/nsa-abhoersichere-ssl-verschluesselung-fuer-apache-und-nginx/ Regards Martin -----Ursprüngliche Nachricht----- Von: Grayhat [mailto:[email protected]] Gesendet: Freitag, 3. Juni 2016 09:07 An: [email protected] Betreff: Re: [Assp-test] Couldn't upgrade to TLS for client :: On Thu, 2 Jun 2016 11:55:38 +0000 :: <[email protected]> :: Martin Voßloh <[email protected]> wrote: > Hello, > > I have very often this error in my logs: > Jun-01-16 11:39:39 [Worker_5] Error: Couldn't upgrade to TLS for > client XXX.XXX.XXX.XXX: > > These settings I have for: SSL version used for transmission > (SSL_version) SSLv23:!SSLv3:!SSLv2 first of all, try the following DoTLS do TLS SSL_version SSLv23:!SSLv3:!SSLv2 SSL_cipher_list kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED the above will give you a decent cipher suites combo offering strong ciphers first but allowing to downgrade to weak ones in case the remote client doesn't support the stronger ones; sure, you may still see some "TLS" messages, but in such a case, those will probably come from very old clients which don't support TLS and only support "SSLvX" (or from bots trying to exploit the SSL bugs to extract infos) so, just ignore those errors :) ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
