I can not change the ciphers in OpenBSD 6.2 in httpd.conf

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I can not change the ciphers in OpenBSD 6.2 in httpd.conf



 tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"



/etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port




Does anyone have any idea?







share|improve this question


























    up vote
    2
    down vote

    favorite












    I can not change the ciphers in OpenBSD 6.2 in httpd.conf



     tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"



    /etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port




    Does anyone have any idea?







    share|improve this question
























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I can not change the ciphers in OpenBSD 6.2 in httpd.conf



       tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"



      /etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port




      Does anyone have any idea?







      share|improve this question














      I can not change the ciphers in OpenBSD 6.2 in httpd.conf



       tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-ECDH:ECDHE:+SHA384:+SHA256"



      /etc/httpd.conf:46: server "domain.ex": tls configuration mismatch on same address/port




      Does anyone have any idea?









      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 23 '17 at 12:36









      Jeff Schaller

      31.8k848109




      31.8k848109










      asked Dec 23 '17 at 12:14









      Vim

      1111113




      1111113




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          2
          down vote













          Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)



          buildsrv_ip="10.11.12.13"

          chroot "/home/httpd"

          server "default"
          directory auto index
          listen on $buildsrv_ip tls port 9999
          tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
          ECDH:ECDHE:+SHA384:+SHA256"
          tls certificate "/etc/mail/host.crt"
          tls key "/etc/mail/host.key"






          share|improve this answer




















          • ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 14:54










          • Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 15:05










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f412669%2fi-can-not-change-the-ciphers-in-openbsd-6-2-in-httpd-conf%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          2
          down vote













          Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)



          buildsrv_ip="10.11.12.13"

          chroot "/home/httpd"

          server "default"
          directory auto index
          listen on $buildsrv_ip tls port 9999
          tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
          ECDH:ECDHE:+SHA384:+SHA256"
          tls certificate "/etc/mail/host.crt"
          tls key "/etc/mail/host.key"






          share|improve this answer




















          • ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 14:54










          • Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 15:05














          up vote
          2
          down vote













          Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)



          buildsrv_ip="10.11.12.13"

          chroot "/home/httpd"

          server "default"
          directory auto index
          listen on $buildsrv_ip tls port 9999
          tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
          ECDH:ECDHE:+SHA384:+SHA256"
          tls certificate "/etc/mail/host.crt"
          tls key "/etc/mail/host.key"






          share|improve this answer




















          • ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 14:54










          • Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 15:05












          up vote
          2
          down vote










          up vote
          2
          down vote









          Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)



          buildsrv_ip="10.11.12.13"

          chroot "/home/httpd"

          server "default"
          directory auto index
          listen on $buildsrv_ip tls port 9999
          tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
          ECDH:ECDHE:+SHA384:+SHA256"
          tls certificate "/etc/mail/host.crt"
          tls key "/etc/mail/host.key"






          share|improve this answer












          Can you show your full configuration? The following starts without error for me on OpenBSD 6.2. Notably the tls must be within a server block, and must be listed individually for each option. (Yes, this is my mail server and a host build system...)



          buildsrv_ip="10.11.12.13"

          chroot "/home/httpd"

          server "default"
          directory auto index
          listen on $buildsrv_ip tls port 9999
          tls ciphers "HIGH:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:!AES128:!DHE:-
          ECDH:ECDHE:+SHA384:+SHA256"
          tls certificate "/etc/mail/host.crt"
          tls key "/etc/mail/host.key"







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 23 '17 at 17:27









          thrig

          22.3k12852




          22.3k12852











          • ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 14:54










          • Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 15:05
















          • ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 14:54










          • Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
            – Vim
            Dec 25 '17 at 15:05















          ssllabs.com/ssltest/analyze.html?d=rootbsd.at
          – Vim
          Dec 25 '17 at 14:54




          ssllabs.com/ssltest/analyze.html?d=rootbsd.at
          – Vim
          Dec 25 '17 at 14:54












          Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
          – Vim
          Dec 25 '17 at 15:05




          Thank you very much, it works. It must be in the server "domain.at" block and in the server "default" block also! Otherwise it displays tls configuration mismatch. ssllabs.com/ssltest/analyze.html?d=rootbsd.at
          – Vim
          Dec 25 '17 at 15:05












           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f412669%2fi-can-not-change-the-ciphers-in-openbsd-6-2-in-httpd-conf%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?