I have two questions.
First one: I checked which cipher suites are supported by Firefox ( https://cc.dcsec.uni-hannover.de/ ).
Example: Cipher Suite Name: ECDHE-ECDSA-AES256-SHA Key Size: 256 Bit Description: Key exchange: ECDH, encryption: AES, MAC: SHA1. is supported.
How can I enable only this cipher suite in the Apache configuration?
This configuration doesn't work:
SSLEngine On
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-SHA
What's wrong?
Second one: On *https://calomel.org/firefox_ssl_validation.html*, in the chapter "256 bit Perfect Forward Secrecy only", the following ciphers are recommended:
dhe_dss_aes_256_sha
dhe_dss_camellia_256_sha
dhe_rsa_aes_256_sha
dhe_rsa_camellia_256_sha
ssl3.ecdhe_ecdsa_aes_256_sha
ssl3.ecdhe_rsa_aes_256_sha
The chapter "SSLCipherSuite Directive" on *https://httpd.apache.org/docs/2.2/mod/mod_ssl.html* doesn't help to configure Apache in the right way. How can I "translate", e.g., dhe_dss_aes_256_sha into a proper configuration for the SSLCipherSuite?
Thanks in advance for reading and your help.
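
The name translation asked about in the second question, as an added example that is not part of the original post: the Firefox preference names listed above follow the pattern key-exchange, authentication, cipher, key size, MAC, and the OpenSSL names that SSLCipherSuite accepts use the same fields joined with hyphens. The function names nss_to_openssl and build_cipher_suite are hypothetical helpers, and only the five-field pattern of the six names quoted above is handled.

```shell
#!/bin/sh
# Added example (not from the original post): translate Firefox/NSS preference
# names such as "ssl3.ecdhe_ecdsa_aes_256_sha" into the OpenSSL cipher names
# used by Apache's SSLCipherSuite directive.
# Assumption: only names of the form <kx>_<auth>_<cipher>_<bits>_<mac> are
# handled, which covers the six names quoted in the post.

nss_to_openssl() {
    name=${1##*.}                         # drop "ssl3." / "security.ssl3." prefix
    case $name in
        ''|*[!a-z0-9_]*) echo "unsupported name: $1" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=_
    set -- $name                          # split the name on underscores
    IFS=$old_ifs
    if [ $# -ne 5 ]; then
        echo "unsupported name: $name" >&2
        return 1
    fi
    # kx-auth-cipher+bits-mac, upper-cased: dhe_dss_aes_256_sha -> DHE-DSS-AES256-SHA
    printf '%s-%s-%s%s-%s\n' "$1" "$2" "$3" "$4" "$5" | tr '[:lower:]' '[:upper:]'
}

# Join the translated names with ":" into one SSLCipherSuite line.
build_cipher_suite() {
    list=
    for n in "$@"; do
        o=$(nss_to_openssl "$n") || return 1
        list=${list:+$list:}$o
    done
    printf 'SSLCipherSuite %s\n' "$list"
}

# The six names from the post.
build_cipher_suite \
    dhe_dss_aes_256_sha dhe_dss_camellia_256_sha \
    dhe_rsa_aes_256_sha dhe_rsa_camellia_256_sha \
    ssl3.ecdhe_ecdsa_aes_256_sha ssl3.ecdhe_rsa_aes_256_sha
```

Running `openssl ciphers -v` with a translated name on the server shows whether the local OpenSSL build knows that suite and prints its Kx= and Au= columns. A suite whose Au= column reads ECDSA can only be negotiated when the server is configured with an ECDSA certificate and key.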