Disable SSLv3 and RC4
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue Sep 13 10:59:18 PDT 2016
On Tue, 2016-09-13 at 16:03 +0100, Nux! wrote:
> Nikos,
>
> Thanks for that, it will take me a bit to digest it.
> The cert might be as you suspect since it's a letsencrypt one.
Could you paste the text form of your certificate (not key) as reported
by certtool or openssl x509?
>From certtool you should see something like:
Key Purpose (not critical):
TLS WWW Server.
Key Usage (critical):
Digital signature.
Key encipherment.
The Digital signature part of the key usage enables the DHE and ECDHE
ciphersuites (forward secrecy).
regards,
Nikos
More information about the openconnect-devel
mailing list