X.509 certificates for https://gnupg.org

Werner Koch wk at gnupg.org
Tue Dec 17 16:37:27 CET 2013

On Mon, 16 Dec 2013 21:35, dkg at fifthhorseman.net said:

> Werner, if i can help with configuring or maintaining the web server for
> gnupg.org to address some of these issues, please let me know.

Yes, I have problems to figure out a woking cipher list which also
allows for IE.  What DHE cipher suite may I use with IE given that I
have only an RSA certificate. Or should I simply give up on PFS for IE
users?  The active ciphers are right now:

ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1



Attached is I my SSLNoCompression patch for Debian's pound in case
someone is interested.

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pound_no_compression.patch
Type: text/x-diff
Size: 3627 bytes
Desc: not available
URL: </pipermail/attachments/20131217/74e427be/attachment.patch>

More information about the Gnupg-users mailing list