June 28, 2022

Hi to all, I have checked my sites with https://www.ssllabs.com/ssltest/ to check http2 functionality. Everything is working fine, except there are many weak ciphers detected. I have already edited the apache ssl config; it only contains the following ciphers:

SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

But this has no effect: the weak ciphers are staying exactly as before. I checked that the froxlor-generated configs also include a list of ciphers. Does this list override the default settings? Where can I edit the ciphers froxlor uses for building the configs? I have never focused on that before...

June 28, 2022

Global/default: settings -> ssl settings -> Configure the allowed SSL ciphers

or on a per-domain basis: edit domain -> check "Override system TLS settings" and set "Configure the allowed SSL ciphers"

June 30, 2022 (Author)

I am stepping forward. Because my server is running the newest software (Arch based), it now uses the strongest ciphers. One thing remains: I must use two weak ciphers so as not to kick off older OS/X and WindowsPhone devices. Now I want to set "SSLHonorCipherOrder on" and "SSLSessionTickets off", and I did so in the apache SSL mod settings. But Froxlor does not use this: "SSLHonorCipherOrder" is always set to "off" and "SSLSessionTickets" is ignored completely. How can I tell Froxlor to activate "SSLHonorCipherOrder" for all domains?

June 30, 2022

SSLSessionTickets can be set in settings -> ssl settings; SSLHonorCipherOrder is currently only a per-domain setting with default off.

July 1, 2022 (Author)

I see the database is already prepared and has a field for this value. I will modify this in the database.

July 1, 2022

17 minutes ago, df8oe said: "I see the database is already prepared and has a field for this value. I will modify this in the database."

No idea what you mean by that. I literally said these are settings in froxlor.

July 1, 2022 (Author)

I mean it is simpler to fire one mysql command for modifying all domains than fiddling through the individual settings of 79 domains.
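
Added example, not part of the thread and not froxlor's own code: the first post asks whether the cipher list in the generated vhost configs overrides the global mod_ssl settings. In Apache, a value set inside a `<VirtualHost>` replaces the server-level value for that vhost, so this sketch computes the effective values per vhost and lists explicitly named suites that are not AEAD (GCM/CHACHA20/CCM). The sample config, host names and function names are constructed assumptions.

```python
import re

# Constructed sample: global mod_ssl settings followed by two generated vhosts.
SAMPLE = """\
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
SSLSessionTickets off
<VirtualHost *:443>
  ServerName example.test
  SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES128-SHA
  SSLHonorCipherOrder off
</VirtualHost>
<VirtualHost *:443>
  ServerName inherit.test
</VirtualHost>
"""

TRACKED = ("sslciphersuite", "sslhonorcipherorder", "sslsessiontickets")

def effective_ssl(config_text):
    """Return {server_name: {directive: value}}; vhost values override global ones."""
    global_cfg, vhosts, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"name": "?", "set": {}}
        elif re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(current)
            current = None
        else:
            parts = line.split()
            key = parts[0].lower()
            if key == "servername" and current is not None and len(parts) > 1:
                current["name"] = parts[1]
            elif key in TRACKED and len(parts) > 1:
                # Last token is the value (SSLCipherSuite may carry a protocol argument first).
                target = global_cfg if current is None else current["set"]
                target[key] = parts[-1].strip('"')
    return {v["name"]: {**global_cfg, **v["set"]} for v in vhosts}

def non_aead(cipher_spec):
    """Suites in an explicit colon-separated list that are not GCM/CHACHA20/CCM."""
    return [c for c in cipher_spec.split(":")
            if c and not re.search(r"GCM|CHACHA20|CCM", c)]

if __name__ == "__main__":
    for name, cfg in effective_ssl(SAMPLE).items():
        print(name, cfg.get("sslhonorcipherorder"), non_aead(cfg.get("sslciphersuite", "")))
```

To audit a real server, pass the concatenated text of the main config and the generated vhost files instead of `SAMPLE`.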