On 10/09/2015 05:11 PM, Gregg Smith wrote:
I have no real recommendation for you but the RFC states all
implementations must support
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or OpenSSL's equivalent
ECDHE-RSA-AES128-GCM-SHA256.
So it's a starting point.
Perfect! After pulling it up front with
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:HIGH:MEDIUM:!MD5:!RC4
all appears to be working with Firefox. (Haven't figured out the nghttp
failure yet though.) Thanks Gregg!
So, there's some feedback for the module then: that's a really strange
failure mode. It would be nice if something in the logs reflected the
bad cipher in use, and/or the documentation pointed this interaction
out. (Or maybe it already does and I just overlooked it?)
--Jacob
