I haven't tried it but I understand that PFS works with Apache2.4, now in Debian Jessie.
I have nginx running with some forward secrecy, as a reverse proxy to an apache 2.2 server listening on 127.0.0.1 http only. Using a later version of nginx. For more details go to https://www.ssllabs.com/ssltest/analyze.html and run a ssl server test for red.wf Could set this up for Wheezy's nginx if required. On Thu, 2013-09-12 at 16:57 +0200, Eugen Leitl wrote: > On Thu, Sep 12, 2013 at 04:49:30PM +0100, Keith wrote: > > > However PFS is not being used enough, not all browsers support it, it is > > for browsers only, not for example tls between mailservers. > > Can't get it to work with Apache 2.2, the version in Debian Stable. > > I've read elsewhere that it doesn't work with Apache. > What about nginx, though? > http://baudehlo.wordpress.com/2013/06/24/setting-up-perfect-forward-secrecy-for-nginx-or-stud/ > > It has a resonably good security story, and is suitable > for embedded-like system due to lower memory consumption > under heavy load and virtual immunity to slowloris-like > attacks. > _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss