RE: [users@httpd] Questions to SSLciphersuite [EXT]

2020-11-27 Thread James Smith
To be honest from a security point of view - you shouldn't be doing this if the client can't talk to your server you need to look for a new client? Assuming from what you say this is just a monitoring tool. We have switched off TLS v1.0 and v1.1 as all the browsers which we consider secure

Re: [users@httpd] Questions to SSLciphersuite

2020-11-27 Thread Lentes, Bernd
- On Nov 27, 2020, at 4:58 PM, Stefan Eissing stefan.eiss...@greenbytes.de wrote:

> If your client cannot connect, maybe it is old and wants to talk SSLv3 which is
> no longer supported?

Hi Stefan, thanks for your answer. That's what I assume. Isn't it possible to adapt the cipher-s

Re: [users@httpd] Questions to SSLciphersuite

2020-11-27 Thread Stefan Eissing
If I use

> openssl s_client -connect nc-mcd.helmholtz-muenchen.de:443

I get a connection using TLSv1.2. So far, so good. If your client cannot connect, maybe it is old and wants to talk SSLv3 which is no longer supported? Your settings look fine otherwise, afaict.

- Stefan

> Am 27.11.2020 um

[users@httpd] Questions to SSLciphersuite

2020-11-27 Thread Lentes, Bernd
Dear all, in 20 years administrating Linux hosts I always avoided it successfully to change the SSLCipherSuite, hoping the default from SUSE or Ubuntu would be fine and secure. But now I'm in the situation that I have to touch it for the first time, and afraid of opening a big door because of w