[TriLUG] supporting legacy SSL ciphers
Alan Porter via TriLUG
trilug at trilug.org
Mon Nov 30 16:17:15 EST 2020
William Sutton wrote:
> I figured I would have seen a response by now.
>
> Any reason you can't use Apache?

I started with Apache and mod_wsgi, and then tried nginx and gunicorn.
I don't have a strong preference one way or the other, but I lean
towards nginx.

John Franklin wrote:
> ...or if you’ll have to recompile OpenSSL or GnuTLS first to make it
> work.

I am pretty sure they all rely on the underlying libraries, and so I
will have to compile them to get the weak cipher support.

I have not looked at GnuTLS. Maybe that library is easier to configure
with the old ciphers. That's a good lead.

> The next issue you’re going to run into … root certs.
> What root certs do the ovens have, and will they accept expired certs
> or unknown CAs?

The ovens expect a specific self-signed cert, which I have in place on
the web server.

All of this would be so much easier to hack today if I had been a
little more cavalier back in the day and just used HTTP.

Thanks for your questions to help prod me along.

Alan