X.509 certificates for https://gnupg.org
Aleksandar Lazic
al-gnupg_users at none.at
Wed Dec 18 00:58:51 CET 2013
Hi Werner.
Am 17-12-2013 16:37, schrieb Werner Koch:
> On Mon, 16 Dec 2013 21:35, dkg at fifthhorseman.net said:
>
>> Werner, if i can help with configuring or maintaining the web server
>> for
>> gnupg.org to address some of these issues, please let me know.
>
> Yes, I have problems to figure out a woking cipher list which also
> allows for IE. What DHE cipher suite may I use with IE given that I
> have only an RSA certificate. Or should I simply give up on PFS for IE
> users? The active ciphers are right now:
>
> ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128)
> Mac=SHA1
> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128)
> Mac=SHA1
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256)
> Mac=SHA1
You can test your client with the Experimental SSL Client Test
https://www.ssllabs.com/ssltest/viewMyClient.html
The following site also explain how you can change the order of the
ciphers in Windows Vista, maybe it is also possible in this way on other
Windows versions.
http://www.ditii.com/2007/11/07/windows-vista-changing-the-ssl-cipher-order-in-internet-explorer-7/
Cheers
Aleks
More information about the Gnupg-users
mailing list