or you can follow the recommendations at https://cipherli.st.
I would not recommend depending on an alias such as HIGH, which includes generally considered unsafe ciphers such as PSK or NULL and it will really depend on the openssl version you use so could result in a list with differences from one machine to another. Try openssl ciphers -v 'HIGH' in one machine, try the same in another with different openssl version and see the difference. Try to go for specific ciphers first, the most secure tlsv1.2 ones (ECDHE nowadays) first and then see if you need you need the strongest security so stop there, or need compatibility and add others. The url I provided you with has some useful tips 2015-10-19 9:32 GMT+02:00 Rubén Toribio Aldeguer <rtori...@riu.com>: > I susgest to read this, may be you find it usesfull: > https://wiki.mozilla.org/Security/Server_Side_TLS > > B.R. > > 2015-10-18 22:42 GMT+02:00 David Mehler <dave.meh...@gmail.com>: > >> Hello, >> >> I'm configuring a new apache 2.4 system which will have a webmail app >> running on it. I'm wanting to use only the most current/secure ssl >> ciphers and ones that offer perfect forward secrecy. I'm using FreeBSD >> 10.1 and my openssl version is 1.0.1l. In the virtual host >> configuration that will run the webmail app I have: >> >> SSLEngine on >> SSLCipherSuite HIGH >> >> and then of course the path to my certificate and key. Do I need to do >> anything else? >> >> On the subject of SSL certificates does anyone use certificates >> generated from either cacert.org or smartssl, how well are they >> supported by browsers and phones? >> >> Thanks. >> Dave. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > > > -- > > *Rubén Toribio Aldeguer* > Técnico Sistemas DataCenter > Informática Área Sistemas > (+34) 971743030 > www.riu.com / www.riuplaza.com > > [image: Facebook] > <http://www.facebook.com/Riuhoteles> [image: Twitter] > <http://twitter.com/#%21/RiuHoteles> [image: Flickr] > <http://www.flickr.com/photos/riuhotels/collections/> [image: Youtube] > <http://www.youtube.com/user/RiuHotelsandResorts> [image: Google Plus] > <https://plus.google.com/102337793674910512804/posts> > > > This e-mail and its attachments, if any, are confidential and may be > legally privileged. If you have received it in error, you are on notice of > this status. Please do not copy or use it for any other purpose or disclose > its contents to any other person: to do so could be a breach of confidence. > You may contact us at +34 971 74 30 30 or at sender's e-mail address. > [image: Facebook] *Please, consider the environment before printing this > email.* <http://www.riu.com/es/sostenibilidad/inicio.jsp> > -- *Daniel Ferradal* IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal
