You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by LuKreme <kr...@kreme.com> on 2013/12/04 16:23:13 UTC
[users@httpd] Checking SSLCiphersuite?
How do I checks what ciphers are available to the https compiled binary, and how do I check with of those are active in the configuration?
Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used on a server with a self-signed cert (there's no e-commerce or any financial data of any sort on the server).
If an existing server wants to switch so that all traffic is encrypted using DH if possible (interested in implementing Perfect Forward Secrecy) are there any "Gotcha's" lurking in the bushes?
If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?
To be accessible for most people (including some Windows XP users), what else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?
Which ones do I need to avoid?
--
It's like looking for the farmer's daughter in a haystack, and finding
the needle.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Checking SSLCiphersuite?
Posted by Theodoro <da...@gmail.com>.
Hi,
Try run this command nmap --script ssl-cert,ssl-enum-ciphers 1.1.1.1 -p 443
On Wed, Dec 4, 2013 at 1:23 PM, LuKreme <kr...@kreme.com> wrote:
> How do I checks what ciphers are available to the https compiled binary,
> and how do I check with of those are active in the configuration?
>
> Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used
> on a server with a self-signed cert (there's no e-commerce or any financial
> data of any sort on the server).
>
> If an existing server wants to switch so that all traffic is encrypted
> using DH if possible (interested in implementing Perfect Forward Secrecy)
> are there any "Gotcha's" lurking in the bushes?
>
> If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?
>
> To be accessible for most people (including some Windows XP users), what
> else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?
>
> Which ones do I need to avoid?
>
> --
> It's like looking for the farmer's daughter in a haystack, and finding
> the needle.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Daniel Theodoro
Cel: 11 9-9399-3364
http://www.linkedin.com/in/danieltheodoro
• RHCE - Red Hat Certified Engineer
• LPIC-3 - Senior Level Linux Certification
• Novell Certified Linux Administrator - Suse 11
• Novell Data Center Technical Specialist - Suse 11
• OCA - Oracle Enterprise Linux Administrator Certified Associate
expertise :
EX436 - Red Hat Enterprise Clustering and Storage Management,