Hi! I run httpd on 6.1-stable (thanks to all of you who make that possible!), with a pretty vanilla tls setup. When testing the server on ssllabs.com, results say that
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA is considered weak. How should I interpret that information, as you see it? And shouldn't default cipher strengths be >= 128? I have probably misunderstood something, so any pointers in the right direction would be lovely. Link to my test result: https://www.ssllabs.com/ssltest/analyze.html?d=esoteric.andreasthulin.se My httpd.conf (which I'd like to keep very simple): # www.andreasthulin.se - HTTP server "www.andreasthulin.se" { alias "esoteric.andreasthulin.se" hsts subdomains listen on * port 80 listen on * tls port 443 tls certificate "/etc/ssl/esoteric.andreasthulin.se.fullchain.pem" tls key "/etc/ssl/private/esoteric.andreasthulin.se.key" root "/htdocs/andreasthulin.se" location "*.php" { fastcgi socket "/run/php-fpm.sock" } location "/.well-known/acme-challenge/*" { root "/acme" root strip 2 } directory { index "index.php" } } BR, Andreas
