On 2014-07-02, Ez Egy <ezegyemailcim...@gmail.com> wrote: > www.ssllabs.com: ECDHE-RSA-AES256-GCM-SHA384 > www.google.com: ECDHE-RSA-AES128-GCM-SHA256 > > We wanted to make our webserver HTTPS connection more secure (don't look at > the self-signed certificate, that doesn't count right now..) > > We are using an OpenBSD 5.4 64bit, and the "openssl ciphers" command says > that it supports the "ECDHE-RSA-AES256-GCM-SHA384" cipher. On client side > there is Firefox 30 at least.
Firefox doesn't support ECDHE-RSA-AES256-GCM-SHA384. ECDHE-RSA-AES128-GCM-SHA256, yes. ECDHE-RSA-AES256-GCM-SHA384, no. > Question: How can we set GCM in nginx? Why couldn't a fresh Firefox connect > via HTTPS to foo.com (ECDHE-RSA-AES256-GCM-SHA384,TLSv1.2)? It can connect > to www.ssllabs.com via HTTPS (ECDHE-RSA-AES256-GCM-SHA384,TLSv1.2) No, it doesn't. Not with that cipher suite. -- Christian "naddy" Weisgerber na...@mips.inka.de
