I need to setup a test web server with TLS and DH_anon . Apache or nginx is preferred, but not mandatory. OS is als not important. I already tried a google search, but there seems to be very limited information about DH_anon.
Thanks in advance!
1 Answer
I need to setup a test web server with TLS and DH_anon
Make sure your cipher list is ADH only.
From OpenSSL's ciphers(1) (and ignoring the vanity ciphers), I believe there will be eleven of them:
* SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
* SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
* SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
* SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
* SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
* TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
* TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
* TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256
* TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256
* TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
* TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384Apache or nginx is preferred...
For nginx, I believe the setting of interest is ssl_ciphers.
As for TLS (and reading not SSL), then use !SSLv2 !SSLv3. For nginx, I believe the setting of interest is ssl_protocols.