*16-November-2013 Changes with Apache 2.2.26 (legacy)*
ASF changes:
*) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
OpenSSL 1.0.0b3. [Vipul Gupta, Sander Temme, Stefan Fritsch]
So you need something at least 2.2.26 (the ECDH changes were
backported from 2.4)
We run 2.2.27 with 1.0.1g and it tests as an A on Qualsys (side effect
is you get Perfect Forward Security, except for some older IE
versions).
Cheers
Brett
On Fri, Apr 18, 2014 at 10:56 AM, Igor Cicimov <icici...@gmail.com> wrote:
>
> On 18/04/2014 2:30 AM, "Hanno Böck" <ha...@hboeck.de> wrote:
> >
> > On Thu, 17 Apr 2014 12:27:37 -0400
> > Christopher Schultz <ch...@christopherschultz.net> wrote:
> >
> > > I'm trying to enable (and prefer!) ECDHE ciphers for clients that can
> > > support them. I've done the obvious:
> > [...]
> > > I'm running httpd 2.2.23
> >
> > That's your problem. Get rid of that old cruft. You'll need apache 2.4
> > (for that and for many other improvements regarding ssl encryption).
> >
> No you don't i have 2.2 with latest openssl-1.0.1g on all my servers and
> TLSv1.2 and ECDHE ciphers are supported.
>
> > --
> > Hanno Böck
> > http://hboeck.de/
> >
> > mail/jabber: ha...@hboeck.de
> > GPG: BBB51E42
>
--
Whenever you find yourself on the side of the majority, it is time to pause
and reflect.
- Mark Twain
