lists@packetmail.net wrote...
On 10/15/2014 10:47 AM, Christoph Biedl wrote:
- ;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
Thank you Cristoph for your response. Are you certain this syntax is valid/working,
Well, it worked for me. But I wouldn't mind if more people could test this, and report back.
My check is to run
openssl s_client -connect 127.0.0.1:6697 -ssl3 -no_ssl2 -no_tls1
If s_client drops the connection, an SSLv3 connection was not possible. On the contrary a message like "Connection 11: initialized SSLv3 using (...)" in the server log indicates a situation that must not happen any longer.
Apache2 failed to negotiate TLS when I did some very light testing with ngircd using this syntax.
Wild guessing, you run an HTTP/IRC gateway, and the web server process can no longer connect to ngircd?
Christoph