It appears to be completely unimplemented, the option has no effect.
Also I found the 'force cipher order' has no effect either. Worse, if you list your own ciphers, Webmin+SSLeay will use them in reverse order and prefer the last/weakest cipher on your list.
It would be nice if these were implemented, but it is terrible that the UI misleads users to think that they are implemented/working :-(
Hello,
in SSL Encryption, all Radiobuttons on YES, have a private Key File 4096 bit and selected:
Only strong ciphers with perfect forward secrecy.
Restart Server, but absolutely no PFS is uses wen I connect to Webmin GUI. What's wrong or is a Bug?
Thanks
Helmut
It appears to be completely unimplemented, the option has no effect.
Also I found the 'force cipher order' has no effect either. Worse, if you list your own ciphers, Webmin+SSLeay will use them in reverse order and prefer the last/weakest cipher on your list.
It would be nice if these were implemented, but it is terrible that the UI misleads users to think that they are implemented/working :-(
A bug concerning this was reported here (but so far ignored):
https://sourceforge.net/p/webadmin/bugs/4415/
Until recently SSLeay did not support PFS either, and still may no, though work was started last year by Paul Howarth (v1.56):
http://koji.fedoraproject.org/koji/buildinfo?buildID=608072
Last edit: Aaron Roydhouse 2015-03-28