| 1 |
>> Thanks for the link. Which ssl_ciphers do you use? Which one does |
| 2 |
>> openssl show you're using? I have: |
| 3 |
>> |
| 4 |
>> ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH; |
| 5 |
>> |
| 6 |
>> and 'openssl s_client -host HOSTNAME -port 443' shows: |
| 7 |
>> |
| 8 |
>> Cipher : ECDHE-RSA-AES256-GCM-SHA384 |
| 9 |
>> |
| 10 |
>> I also get "Verify return code: 20 (unable to get local issuer |
| 11 |
>> certificate)" from that command but I'm guessing that's OK since I get |
| 12 |
>> the same when using www.google.com as the HOSTNAME. |
| 13 |
>> |
| 14 |
>> - Grant |
| 15 |
>> |
| 16 |
> |
| 17 |
> I use exactly the one specified at the blog entry. |
| 18 |
|
| 19 |
OK but the only one posted in the blog entry is the problematic one: |
| 20 |
|
| 21 |
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:RC4 RSA: HIGH; |
| 22 |
|
| 23 |
- Grant |
Archives