I have to add:
1.) Try the new config.
2.) Disable SSLv3 (if not needed disable sslv2) (an easy way would be to
use libressl)
Keep in mind that you might loose compatibility with Windows XP IE 6 - IE 8.
Freundliche Grüsse
Nino Fink
--
Netzwerkabteilung
Contria GmbH
Steinackerweg 18
4901 Lange
Hello,
Try this config.
# CIPHER
SSLHonorCipherOrder 1
Ciphers
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES1
Hi,
i just updated it to :
Version 2.7f
Configuration switches:
--enable-cert1l
--with-dh=2048
But when i use this Options
DisableSSLv2 DisableSSLv3 SSLNoFragment 0 SSLNoCompression 1
it shows this error : unknown directive
thanks
2015-05-21 13:17 GMT+02:00 Scott McKeown :
> Hi
Hi,
i just updated it to :
Version 2.7f
Configuration switches:
--enable-cert1l
--with-dh=2048
But when i use this Options
DisableSSLv2 DisableSSLv3 SSLNoFragment 0 SSLNoCompression 1
it shows this error : unknown directive
thanks
2015-05-21 13:17 GMT+02:00 Scott McKeown :
> Hi
I'm guessing that the SSLNoFragment & SSLNoCompression options didn't make
it into the latest build or got a name change.
You should be alright to remove these two options as they do what the name
suggests.
I've not built a 2.7 version yet but it is on my to-do-list.
On 21 May 2015 at 12:48, Dani
Hi Michael,
thanks. No i have a A Rate :)
Daniel
2015-05-21 13:14 GMT+02:00 Brückler Michael :
> Hi Daniel,
>
>
>
> SSLHonorCipherOrder 1
>
> Disable SSLv3
>
> Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
> EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA
Hi,
i just updated it to :
Version 2.7f
Configuration switches:
--enable-cert1l
--with-dh=2048
But when i use this Options
DisableSSLv2 DisableSSLv3 SSLNoFragment 0 SSLNoCompression 1
it shows this error : unknown directive
thanks
2015-05-21 13:17 GMT+02:00 Scott McKeown :
> Hi
Hi Daniel,
SSLHonorCipherOrder 1
Disable SSLv3
Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
Regards,
Michael
Von
Hi Daniel,
SSLHonorCipherOrder 1
Disable SSLv3
Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
Regards,
Michael
Von
Hi Daniel,
First off what version on Pound are you running?
There were a few patch files written a while back that should resolve most
of these issues and if I remember correctly are in the latest build:
Try adding the following options into your configuration file:
SSLHonorCipherOrder 1 SSLAllo
Hello,
i just made a test via ssllabs.com. And i got a grade F for my SSL
connection.
The issues are :
This server supports insecure Diffie-Hellman (DH) key exchange parameters.
Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the
FREAK attack. Grade set to F
Hello,
i just made a test via ssllabs.com. And i got a grade F for my SSL
connection.
The issues are :
This server supports insecure Diffie-Hellman (DH) key exchange parameters.
Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the
FREAK attack. Grade set to F
Hello,
i just made a test via ssllabs.com. And i got a grade F for my SSL
connection.
The issues are :
This server supports insecure Diffie-Hellman (DH) key exchange parameters.
Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the
FREAK attack. Grade set to F
Hi Iro,
thanks for the link, und Deutsch ist kein Problem, damit hats geklappt :)
Daniel
2015-05-19 21:51 GMT+02:00 irosAurus :
> Hey Daniel,
>
> Maybe this helps:
>
>
> http://kopfkino.irosaurus.com/wordpress-ssl-verschlusselung-fur-admin-und-login-seiten-in-zusammenspiel-mit-pound/
>
> It's i
14 matches
Mail list logo