[mod_gnutls-devel] mod-gnutls: Ciphers selection problem ?
osg at free.fr
osg at free.fr
Fri Dec 8 12:44:31 CET 2017
Hi All,
As talked with dkg in #mod_gnutls here some informations about ciphers selection problem I got.
I have configured this servername with cipher SECURE, and using curl I have this negotiation: TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
ServerName ssl-secure.tst.osgpcq.net
GnuTLSPriorities SECURE
curl -k -v https://ssl-secure.tst.osgpcq.net
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
If I'm trying to configure an another servername with only one cypher: TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
ServerName ssl-mono.tst.osgpcq.net
GnuTLSPriorities NONE:+VERS-TLS-ALL:+ECDHE-RSA:+AES-256-GCM:+SHA384:+COMP-NULL
curl -k -v https://ssl-mono.tst.osgpcq.net
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Curl is not able to negotiate...
Could you indicate me if I haven't configured correctly the GnuTLSPriorities or if the problem is elsewhere ?
Best regards
Vince
PS: version used from GNU/Debian 9, and compiled version:
Paquet : apache2
Version : 2.4.25-3+deb9u3
Paquet : libapache2-mod-gnutls
Version : 0.8.2-3
Source: mod_gnutls-0.8.3.tar.bz2
More information about the mod_gnutls-devel
mailing list