• 12

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Forward secrecy support?

Is it possible to amend the SSL ciphers to support forward secrecy on my CentOS server running Apache 2.4? I currently have the following cipher setup:


This gives me an -A rating using the SSL Labs testing tool, but I receive the following warning:

This server does not support Forward Secrecy with the reference browsers. Grade will be capped to B from March 2018.

This warning looks to be originating for IE6/XP. Is there any possible way to pass this rule with my server configuration? It probably isn't that important, but if there's an easy way to support IE6/XP devices easily - I may as well!

It has nothing to do with IE6/XP. If you are still allowing SSLv3 or TLSv1.0 which is required to support IE6/XP, you are failing most test suites (including PCI compliance). Qualys has a page dedicated to their SSL Labs scoring system.

Regarding your ciphersuite string, adding !kRSA should do it. RSA key exchange does not provide forward secrecy.

I usually use the following.

SSLHonorCipherOrder on

Openssl documents the cipher parameters string.

  • 3
Reply Report

Trending Tags