> On Centos, after you update openssl, this is one choice ;
> bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/certs/yourkey.pem ciphers [...]
> On another OS, he qualms page describes how to get the list of ciphers.
My suggestion is to always use the recommended cipher list from Mozilla.
If your Ope
On Centos, after you update openssl, this is one choice ;
..
..
bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/certs/yourkey.pem ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA
> When I connect to haproxy the client uses:
> TLS_ECDHE_RSA_WITH_RC4_128_SHA
>
> When I connect to google.com the client uses:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
A part from the RC4 vs AES difference here, which you can
probably fix by an appropriate ciphers string, as long as you
are usin
Hi,
On 21.02.2015 13:45, Dennis Jacobfeuerborn wrote:
> Hi,
> I noticed that when I use my browser (latest Firefox) to connect to
> haproxy then it will select an RC4 based cipher even though better
> options are available. When I make a connection to e.g.
> https://www.google.com/ the browser use
4 matches
Mail list logo