I can not change the ciphers in OpenBSD 6.2 in httpd.conf
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I can not change the ciphers in OpenBSD 6.2 in httpd.conf
tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"
/etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port
Does anyone have any idea?
openbsd bsd openbsd-httpd
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
asked Dec 23 '17 at 12:14
Vim
1111113
add a comment |Â
up vote
2
down vote
favorite
I can not change the ciphers in OpenBSD 6.2 in httpd.conf
tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"
/etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port
Does anyone have any idea?
openbsd bsd openbsd-httpd
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
asked Dec 23 '17 at 12:14
Vim
1111113
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I can not change the ciphers in OpenBSD 6.2 in httpd.conf
tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"
/etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port
Does anyone have any idea?
openbsd bsd openbsd-httpd
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
asked Dec 23 '17 at 12:14
Vim
1111113
I can not change the ciphers in OpenBSD 6.2 in httpd.conf
tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"
/etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port
Does anyone have any idea?
openbsd bsd openbsd-httpd
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
asked Dec 23 '17 at 12:14
Vim
1111113
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
edited Dec 23 '17 at 12:36
Jeff Schaller
31.8k848109
31.8k848109
asked Dec 23 '17 at 12:14
Vim
1111113
asked Dec 23 '17 at 12:14
Vim
1111113
asked Dec 23 '17 at 12:14
Vim
1111113
1111113
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)
buildsrv_ip="10.11.12.13"
chroot "/home/httpd"
server "default"
directory auto index
listen on $buildsrv_ip tls port 9999
tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
ECDH:ECDHE:+SHA384:+SHA256"
tls certificate "/etc/mail/host.crt"
tls key "/etc/mail/host.key"
answered Dec 23 '17 at 17:27
thrig
22.3k12852
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)
buildsrv_ip="10.11.12.13"
chroot "/home/httpd"
server "default"
directory auto index
listen on $buildsrv_ip tls port 9999
tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
ECDH:ECDHE:+SHA384:+SHA256"
tls certificate "/etc/mail/host.crt"
tls key "/etc/mail/host.key"
answered Dec 23 '17 at 17:27
thrig
22.3k12852
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
add a comment |Â
up vote
2
down vote
Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)
buildsrv_ip="10.11.12.13"
chroot "/home/httpd"
server "default"
directory auto index
listen on $buildsrv_ip tls port 9999
tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
ECDH:ECDHE:+SHA384:+SHA256"
tls certificate "/etc/mail/host.crt"
tls key "/etc/mail/host.key"
answered Dec 23 '17 at 17:27
thrig
22.3k12852
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)
buildsrv_ip="10.11.12.13"
chroot "/home/httpd"
server "default"
directory auto index
listen on $buildsrv_ip tls port 9999
tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
ECDH:ECDHE:+SHA384:+SHA256"
tls certificate "/etc/mail/host.crt"
tls key "/etc/mail/host.key"
answered Dec 23 '17 at 17:27
thrig
22.3k12852
Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)
buildsrv_ip="10.11.12.13"
chroot "/home/httpd"
server "default"
directory auto index
listen on $buildsrv_ip tls port 9999
tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
ECDH:ECDHE:+SHA384:+SHA256"
tls certificate "/etc/mail/host.crt"
tls key "/etc/mail/host.key"
answered Dec 23 '17 at 17:27
thrig
22.3k12852
answered Dec 23 '17 at 17:27
thrig
22.3k12852
answered Dec 23 '17 at 17:27
thrig
22.3k12852
answered Dec 23 '17 at 17:27
thrig
22.3k12852
22.3k12852
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
add a comment |Â
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 14:54
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
– Vim
Dec 25 '17 at 15:05
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f412669%2fi-can-not-change-the-ciphers-in-openbsd-6-2-in-httpd-conf%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
