[Freedombox-discuss] Freedombox CA

Keith keith at fernie.eu
Thu Sep 12 16:47:30 UTC 2013


I haven't tried it but I understand that PFS works with Apache 2.4, now
in Debian Jessie.

I have nginx running with some forward secrecy, as a reverse proxy to an
apache 2.2 server listening on 127.0.0.1 http only. Using a later
version of nginx.

For more details go to https://www.ssllabs.com/ssltest/analyze.html
and run an SSL server test for red.wf

Could set this up for Wheezy's nginx if required.

On Thu, 2013-09-12 at 16:57 +0200, Eugen Leitl wrote:
> On Thu, Sep 12, 2013 at 04:49:30PM +0100, Keith wrote:
> 
> > However PFS is not being used enough, not all browsers support it, it is
> > for browsers only, not for example tls between mailservers.
> > Can't get it to work with Apache 2.2, the version in Debian Stable.
> 
> I've read elsewhere that it doesn't work with Apache.
> What about nginx, though?
> http://baudehlo.wordpress.com/2013/06/24/setting-up-perfect-forward-secrecy-for-nginx-or-stud/
> 
> It has a reasonably good security story, and is suitable
> for embedded-like systems due to lower memory consumption
> under heavy load and virtual immunity to slowloris-like
> attacks.
>  
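
An added example, not part of the original thread: a local check of which suites an OpenSSL cipher string (the kind passed to nginx's `ssl_ciphers`) enables, and which of them lack forward secrecy. The two cipher strings are constructed samples, and classifying by suite name assumes OpenSSL 1.1+ naming.

```python
import ssl

def expand(cipher_string):
    """Return the suites the local OpenSSL enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()

def is_forward_secret(suite):
    """True if the suite's key exchange is ephemeral (EC)DHE."""
    name = suite["name"]
    # TLS 1.3 suites (TLS_AES_..., TLS_CHACHA20_...) use ephemeral (EC)DHE
    # for full handshakes, so they are counted as forward secret here.
    if suite.get("protocol") == "TLSv1.3" or name.startswith("TLS_"):
        return True
    # TLS 1.2 and earlier: OpenSSL puts the key exchange first in the name.
    # Plain RSA key exchange ("AES128-GCM-SHA256", "AES256-SHA") has no prefix.
    return name.startswith(("ECDHE-", "DHE-"))

def audit(cipher_string):
    """Split the enabled suites into (forward_secret, not_forward_secret)."""
    fs, non_fs = [], []
    for suite in expand(cipher_string):
        (fs if is_forward_secret(suite) else non_fs).append(suite["name"])
    return fs, non_fs

# Constructed sample strings, not taken from any server in the thread.
STRICT = "ECDHE+AESGCM"               # only ephemeral ECDH suites
MIXED = "ECDHE+AESGCM:kRSA+AESGCM"    # also admits static RSA key exchange

if __name__ == "__main__":
    for label, cipher_string in (("strict", STRICT), ("mixed", MIXED)):
        fs, non_fs = audit(cipher_string)
        print(f"{label}: {len(fs)} forward-secret, {len(non_fs)} not")
        for name in non_fs:
            print("   no forward secrecy:", name)
```

A string that leaves the second list empty guarantees that any TLS 1.2 connection the server accepts uses an ephemeral key exchange, which is the property the SSL Labs test reports per client.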




