Recently, I switched a web server here to to rewriting and force every access to go over https. This is a machine using self-signed certs and a fairly conservative set of protocol support. Apache's cipher suite is set to this:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL:-SSLv3:-SSLv2 These settings were derived from doing some reading and testing with SSL Labs test site and - thus far - I have seen no complaints except from the FreeBSD ports fetch. I am getting grumpy emails from the master ports sites: => tsshbatch-1.212.tar.gz doesn't seem to exist in /portdistfiles/. => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz fetch: http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz: Not Found => Attempting to fetch http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz 72047:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:593: fetch: http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz: Authentication error => Couldn't fetch it - please try to retrieve this => port manually into /portdistfiles/ and try again. *** [do-fetch] Error code 1 Stop in /usr/ports/security/tsshbatch. Interestingly, (and strangely) no other port is reporting this problem, only this one. Ideas, thoughts??? -- ---------------------------------------------------------------------------- Tim Daneliuk [email protected] PGP Key: http://www.tundraware.com/PGP/ _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
