Port Fetch Failing

Tim Daneliuk tundra at tundraware.com
Tue Jun 2 01:25:35 UTC 2015

On 06/01/2015 07:09 PM, Matthew D. Fuller wrote:
> On Mon, Jun 01, 2015 at 07:02:57PM -0500 I heard the voice of
> Tim Daneliuk, and lo! it spake thus:
>> This is what happens when you are:  A) In a hurry and B) Paranoid and
>> C) Willing to copypasta a config without thought :(
>> Thanks to you and Chuck, I have a more reasonable (I think):
> That still looks awful weird.  Paranoid, and enabling +LOW?  If you're
> having to explicitly list ciphers, you're probably on the wrong
> path...
> And I suspect the "-SSLv3:-SSLv2" isn't really what you want.  You
> probably want to disable the _protocols_, not the _ciphers_.  e.g., on
> a 10.x machine, I have
> SSLProtocol All -SSLv2 -SSLv3

With your settings the site scores slighly more poorly than with mine as reported by SSL Labs.

I will continue to tinker to find the sweet spot of browser compatibility with best
protection.  (The +LOW should have been -LOW.)

> (I figure every extra character on the CipherSuite line means either
> I'm way smarter, or way dumber.  And there's only so much smarter I
> can get, so...)

Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/

More information about the freebsd-ports mailing list