= Сообщение: 9638 из 12505 ====================================== ENET.SYSOP =
От   : Benny Pedersen                   2:230/0            25 Apr 20 10:06:10
Кому : Richard Menedetter                                  25 Apr 20 10:06:10
Тема : Plain text password
FGHI : area://ENET.SYSOP?msgid=2:230/0+5ea40d0d
На   : area://ENET.SYSOP?msgid=2:310/31+5ea40728
= Кодировка сообщения определена как: LATIN1 =================================
Ответ: area://ENET.SYSOP?msgid=2:310/31+5ea5b2e7
Hello Richard!

25 Apr 2020 11:43, Richard Menedetter wrote to Benny Pedersen:

RM> I am quit happy with how it is now.
RM> It allows TLS1.2 and TLS1.3
RM> It also forces the client to use MY cipher selection.

RM> SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
RM> SSLHonorCipherOrder on

RM> I am not using Gentoo, I dislike it.

i hate gentoo aswell, lol

   ----- options-ssl-apache.conf begins -----
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder     off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
   ----- options-ssl-apache.conf ends -----

if you have clients of need TLSv1 then remove it but keep TLSv1.1

you miss !RC4, how high is HIGH ?

 Regards Benny

... there can only be one way of life, and it works :)

--- Msged/LNX 6.1.2 (Linux/5.6.6-gentoo-x86_64 (x86_64))
* Origin: I will always keep a PC running CPM 3.0 (2:230/0)

