> On Dec 10, 2018, at 7:22 AM, Alice Wonder <[email protected]> wrote:
>
> ssl_min_protocol = TLSv1.2
> ssl_cipher_list =
> EECDH+CHACHA20:EECDH+AESGCM:EECDH+SHA384:EECDH+SHA256:EECDH:!3DES:!RC4:!ADH:!LOW@STRENGTH
> ssl_prefer_server_ciphers = yes
The cipherlist syntax is wrong, you're missing a ":" between "!LOW" and
"@STRENGTH".
My advice is that non-experts should not be asked or attempt to configure
explicit
TLS cipherlists. Let the defaults stand, and use software that comes with
sensible
defaults, upgrading periodically to keep the default configuration current.
--
Viktor.
