> On Mon, May 18, 2015 at 07:43:26PM +0200, Martijn Rijkeboer wrote:
>> Hi,
>>
>> I've just switched my webserver from 5.6/nginx to 5.7/httpd and was
>> testing my TLS setup using SSL Labs[1]. The SSL Labs test indicates
>> that my setup doesn't support forward secrecy. Is this not implemented
>> in the 5.7 version of httpd or is my configuration wrong (included
>> below)?

> We disabled older cipher suites and protocols by default.  Any new-ish
> browser should prefer ECDHE over DHE.

Thank you very much for your explanation. SSL Labs flags this webserver
as not supporting Forward Secrecy with the reference browsers, because
one of the reference browsers doesn't work (IE 8-10 / Win 7). Since none
of my users uses that browser I will stick to the sane defaults.


> So if you really want to enable legacy DHE modes, set the following
> in the server section:
>
>       tls dhe "legacy"

This doesn't help either, but as explained above that's no problem for
me.

Kind regards,


Martijn Rijkeboer
