Disable SSLv3 and RC4

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Sep 13 10:59:18 PDT 2016


On Tue, 2016-09-13 at 16:03 +0100, Nux! wrote:
> Nikos,
> 
> Thanks for that, it will take me a bit to digest it.
> The cert might be as you suspect since it's a letsencrypt one.

Could you paste the text form of your certificate (not key) as reported
by certtool or openssl x509?

>From certtool you should see something like:
		Key Purpose (not critical):
			TLS WWW Server.
		Key Usage (critical):
			Digital signature.
			Key encipherment.

The Digital signature part of the key usage enables the DHE and ECDHE
ciphersuites (forward secrecy).

regards,
Nikos




More information about the openconnect-devel mailing list