Hi I have been trying to change the nsssl ciphers that we use. As an experiment, I took the recommended configurations from Mozilla here https://wiki.mozilla.org/Security/Server_Side_TLS
Mozilla's recommended "Intermediate" configuration loaded perfectly and is working well e.g. set ciphers "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" set protocols "TLSv1.2:TLSv1.3" ns_section "ns/server/${server}/module/nsssl" ns_param address $address ns_param port $httpsport ns_param hostname $hostname ns_param ciphers $ciphers ns_param protocols $protocols But when I try the "modern" configuration, e.g. set ciphers "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" set protocols "TLSv1.3" I get this error: [23/Mar/2020:15:36:17][6864.28fc][-main:dev-] Error: nsssl: error loading ciphers: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 Do I need to do something else to get Naviserver to support this? thanks Brian
_______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel