X.509 certificates for https://gnupg.org

Aleksandar Lazic al-gnupg_users at none.at
Wed Dec 18 00:58:51 CET 2013


Hi Werner.

Am 17-12-2013 16:37, schrieb Werner Koch:
> On Mon, 16 Dec 2013 21:35, dkg at fifthhorseman.net said:
> 
>> Werner, if i can help with configuring or maintaining the web server 
>> for
>> gnupg.org to address some of these issues, please let me know.
> 
> Yes, I have problems to figure out a woking cipher list which also
> allows for IE.  What DHE cipher suite may I use with IE given that I
> have only an RSA certificate. Or should I simply give up on PFS for IE
> users?  The active ciphers are right now:
> 
> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  
> Mac=SHA1
> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  
> Mac=SHA1
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  
> Mac=SHA1

You can test your client with the Experimental SSL Client Test

https://www.ssllabs.com/ssltest/viewMyClient.html

The following site also explain how you can change the order of the 
ciphers in Windows Vista, maybe it is also possible in this way on other 
Windows versions.

http://www.ditii.com/2007/11/07/windows-vista-changing-the-ssl-cipher-order-in-internet-explorer-7/

Cheers
Aleks



More information about the Gnupg-users mailing list