Hi
I have been trying to change the nsssl ciphers that we use. As an experiment, I
took the recommended configurations from Mozilla here
https://wiki.mozilla.org/Security/Server_Side_TLS
Mozilla's recommended "Intermediate" configuration loaded perfectly and is
working well e.g.
set ciphers
"TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
set protocols "TLSv1.2:TLSv1.3"
ns_section "ns/server/${server}/module/nsssl"
ns_param address $address
ns_param port $httpsport
ns_param hostname $hostname
ns_param ciphers $ciphers
ns_param protocols $protocols
But when I try the "modern" configuration, e.g.
set ciphers
"TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
set protocols "TLSv1.3"
I get this error:
[23/Mar/2020:15:36:17][6864.28fc][-main:dev-] Error: nsssl: error loading
ciphers:
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
Do I need to do something else to get Naviserver to support this?
thanks
Brian
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
