HTTPS errors from https://koji.rpmfusion.org
Reindl Harald
h.reindl at thelounge.net
Mon Jun 27 18:54:02 CEST 2016
Am 27.06.2016 um 18:41 schrieb Tom Horsley:
> On Mon, 27 Jun 2016 10:25:56 -0600
> Orion Poplawski wrote:
>
>> Secure Connection Failed
>
> A lot of older browsers have been failing recently on https
> web sites because the newer apache refuses to speak many
> of the older encryption protocols (I guess the same group
> that did in all the encryption algorithms in sshd got
> to these too).
>
> Don't know if that is what is going on with koji, but
> it might be. (I'm not actually sure how to tell)
Cipher Suites (sorted by strength as the server has no preference)
combined with RC4 sounds not like that
the only positive thing which can be said is SHA256 certs
is it *really* that hard to configure TLS proper?
SSLProtocol All -SSLv2 -SSLv3
SSLFIPS Off
SSLCompression Off
SSLInsecureRenegotiation Off
SSLSessionTickets Off
SSLHonorCipherOrder On
SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MEDIUM
___________________________________
is it really that hard to set "ServerTokens Prod" in the config instead
blowing out modules and versions?
[harry at srv-rhsoft:~]$ curl --head --insecure
https://koji.rpmfusion.org/koji/
HTTP/1.1 200 OK
Date: Mon, 27 Jun 2016 16:52:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_auth_kerb/5.4
mod_wsgi/3.4 Python/2.7.5
Content-Length: 11993
Allow: GET, POST, HEAD
AppTime: D=290432
AppServer: koji01.online.rpmfusion.net
Content-Type: text/html; charset=UTF-8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.rpmfusion.org/pipermail/rpmfusion-users/attachments/20160627/2e412454/attachment.sig>
More information about the rpmfusion-users
mailing list