***Steps required to get 'A' rating at http://ssllabs.com/ssltest/analyze.html%|%SSLLABS%|% ***
****Build [tls] from source with the current SSL version****
2016-09-12: Build package http://sourceforge.net/projects/tls%|%tls1.6.7%|% from source with the current SSL version, unpack to /x/tls1.6.7
* http://openssl.org%|%openssl-1.1.0%|% is now incompatible with tls; the last working version is openssl-1.0.2g
* http://libressl.org%|%libressl-2.4.2%|%
* unpack to /x/libressl-2.4.2
* in /x/tls1.6.7: `./configure --with-ssl-dir=/x/libressl-2.4.2 --with-tcl=/opt/tcl8.6.6/unix --with-tcl-include=/opt/tcl8.6.6/generic`
* `make` succeeds; `make test` fails with the runtime error `SSLv2_method not found`
* workaround: set compiler directive `#define NO_SSL2` or `#define NO_PATENTS` in `tlsInt.h`
* using the default file names from http://letsencrypt.org%|%Let's Encrypt%|%, insert the following lines in, e.g., file httpd.tcl of the tclhttpd3.5.1 web server:
======
set dir /x/tls1.6.7
source [file join $dir pkgIndex.tcl]
package require tls
set ciphers [tls::ciphers tls1.2]
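# avoid RC4 attack: drop every RC4 suite
set tmp [lsearch -all -inline -not $ciphers *RC4*]
# only Diffie-Hellman for forward secrecy; -inline returns the names, not list indices
set ciphers [lsearch -all -inline $tmp *DHE*]
# disable TLS 1.0 and TLS 1.1, enable TLS 1.2 only
tls::init -server 1 -request 0 -require 0 -tls1 0 -tls1.1 0 -tls1.2 1 \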
-cafile /etc/letsencrypt/live/<taipudex.com>/fullchain.pem \
-certfile .../cert.pem \
-keyfile .../key.pem \
-ciphers $ciphers
Httpd_SecureServer $CONFIG(https_port) $CONFIG(https_host) $CONFIG(https_ipaddr)
======
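The cipher filtering step from the snippet above, written as a stand-alone proc (an added example, not code from the original page or from the tls project). The proc name `selectCiphers` and the sample list are hypothetical; it goes beyond the page by also rejecting NULL and DES/3DES suites and by ordering ECDHE before DHE.

```tcl
# Added example, not part of the original page. Runs in plain tclsh;
# the tls package is not needed because the input list is constructed.

# Constructed sample resembling OpenSSL cipher names (not real tls::ciphers output).
set sample {
    ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-RC4-SHA AES256-SHA RC4-SHA ADH-AES128-SHA
    ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-NULL-SHA DHE-RSA-AES128-SHA
    ECDHE-RSA-AES128-GCM-SHA256
}

# Keep only suites with ephemeral (EC)DHE key exchange and no weak cipher.
# Rejecting NULL and DES/3DES is an assumption added here; the page itself
# only removes RC4.
proc selectCiphers {ciphers {reject {*RC4* *NULL* *-DES-*}}} {
    set keep {}
    foreach c $ciphers {
        # Anchored prefixes: a loose *DH* glob would also admit anonymous ADH-*.
        if {![string match DHE-* $c] && ![string match ECDHE-* $c]} continue
        set bad 0
        foreach pat $reject {
            if {[string match $pat $c]} { set bad 1; break }
        }
        if {!$bad} { lappend keep $c }
    }
    # ECDHE first, then DHE; lsearch needs -inline to return names, not indices.
    return [concat [lsearch -all -inline $keep ECDHE-*] \
                   [lsearch -all -inline $keep DHE-*]]
}

set ciphers [selectCiphers $sample]
if {[llength $ciphers] == 0} {
    # Fail loudly rather than pass an empty list on to the TLS setup.
    error "no acceptable cipher suites left after filtering"
}
# OpenSSL cipher strings are conventionally colon-separated.
puts [join $ciphers :]
```

On a real server, pass `[tls::ciphers tls1.2]` instead of the sample list and hand the result to `tls::init -ciphers`.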
Notice: some code lines in tls.c may be obsolete now, as the options concerning ssl2, ssl3 and compression named `SSL_OP_NO_..` in file `openssl/ssl.h` are deprecated by definition.
Platform information (`parray tcl_platform`):
======
tcl_platform(byteOrder) = littleEndian
tcl_platform(engine) = Tcl
tcl_platform(machine) = i686
tcl_platform(os) = Linux
tcl_platform(osVersion) = 3.16.0-4-686-pae
tcl_platform(pathSeparator) = :
tcl_platform(platform) = unix
tcl_platform(pointerSize) = 4
tcl_platform(threaded) = 1
tcl_platform(user) = fr
tcl_platform(wordSize) = 4
======
<<categories>>Category Cryptography | Category Tclhttpd | Category Security