Menu

Webmin Gui - Only strong ciphers with perfect forward secrecy

Help
2014-04-10
2015-03-28
  • Helmut Lehmeyer

    Helmut Lehmeyer - 2014-04-10

    Hello,
    in SSL Encryption, all Radiobuttons on YES, have a private Key File 4096 bit and selected:
    Only strong ciphers with perfect forward secrecy.

    Restart Server, but absolutely no PFS is uses wen I connect to Webmin GUI. What's wrong or is a Bug?

    Thanks
    Helmut

     
  • Aaron Roydhouse

    Aaron Roydhouse - 2015-03-28

    It appears to be completely unimplemented, the option has no effect.

    Also I found the 'force cipher order' has no effect either. Worse, if you list your own ciphers, Webmin+SSLeay will use them in reverse order and prefer the last/weakest cipher on your list.

    It would be nice if these were implemented, but it is terrible that the UI misleads users to think that they are implemented/working :-(

    A bug concerning this was reported here (but so far ignored):
    https://sourceforge.net/p/webadmin/bugs/4415/

    Until recently SSLeay did not support PFS either, and still may no, though work was started last year by Paul Howarth (v1.56):
    http://koji.fedoraproject.org/koji/buildinfo?buildID=608072

     

    Last edit: Aaron Roydhouse 2015-03-28

Log in to post a comment.