tls ssllabs rating

***Steps required to get 'A' rating at http://ssllabs.com/ssltest/analyze.html%|%SSLLABS%|% ***


****Build [tls] from source with current ssl version****


2016-09-12:
Build the package http://sourceforge.net/projects/tls%|%tls1.6.7%|% from source against the current ssl version; unpack it to /x/tls1.6.7


   * http://openssl.org%|%openssl-1.1.0%|% is now incompatible with tls; the last working version is openssl-1.0.2g

   * http://libressl.org%|%libressl-2.4.2%|%
   
   * unpack to /x/libressl-2.4.2

   * in /x/tls1.6.7: ./configure --with-ssl-dir=/x/libressl-2.4.2 --with-tcl=/opt/tcl8.6.6/unix --with-tcl-include=/opt/tcl8.6.6/generic

   * `make` is ok, `make test` gives runtime-error `SSLv2_method not found`

   * workaround: set compiler directive `#define NO_SSL2` or `#define NO_PATENTS` in `tlsInt.h`

   * using the default file names from http://letsencrypt.org%|%Let's Encrypt%|%, e.g. in the file httpd.tcl of the tclhttpd3.5.1 web server, insert the lines

======
set dir /x/tls1.6.7
source [file join $dir pkgIndex.tcl]
package require tls
# all suites the library offers for TLS 1.2
set ciphers [tls::ciphers tls1.2]
# avoid RC4 attack
set tmp [lsearch -all -inline -not $ciphers *RC4*]
# only Diffie-Hellman for forward secrecy
set ciphers [lsearch -all -inline $tmp *DHE*]
# serve TLS 1.2 only; no client certificate requested
# (Let's Encrypt names the private key privkey.pem by default)
tls::init -server 1 -request 0 -require 0 -tls1 0 -tls1.1 0 -tls1.2 1 \
   -cafile /etc/letsencrypt/live/<taipudex.com>/fullchain.pem \
   -certfile .../cert.pem \
   -keyfile  .../key.pem \
   -ciphers $ciphers
Httpd_SecureServer $CONFIG(https_port) $CONFIG(https_host) $CONFIG(https_ipaddr)
======
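As an added example (not code from this page or from the tls package), the same filtering as a reusable procedure with a pre-flight check of the certificate files. It goes beyond the page in two places: the exclusion patterns other than RC4 are an assumption about further weak suites, and the Let's Encrypt file names cert.pem, privkey.pem and fullchain.pem are assumed for the directory layout.

```tcl
package require tls

# Build the cipher list for one protocol: drop suites matching the exclusion
# patterns, then keep only ephemeral (EC)DH suites so every session has
# forward secrecy. Fails loudly if nothing survives, so a library build
# without usable suites is noticed before the server starts.
proc hardened_ciphers {{protocol tls1.2}} {
    set ciphers [tls::ciphers $protocol]
    # the page excludes RC4 only; NULL/EXPORT/DES(3DES)/MD5 are assumed here
    foreach weak {*RC4* *NULL* *EXP* *DES* *MD5*} {
        set ciphers [lsearch -all -inline -not $ciphers $weak]
    }
    set ciphers [lsearch -all -inline $ciphers *DHE*]
    if {[llength $ciphers] == 0} {
        error "no acceptable $protocol cipher suites in this SSL library build"
    }
    return $ciphers
}

# Configure tls defaults for a server that speaks TLS 1.2 only. certdir is a
# Let's Encrypt "live" directory (assumed layout: cert.pem, privkey.pem,
# fullchain.pem). tls::init only records defaults; the files are opened at
# connection time, so check them here to fail early.
proc init_hardened_server {certdir} {
    foreach f {cert.pem privkey.pem fullchain.pem} {
        if {![file readable [file join $certdir $f]]} {
            error "missing or unreadable [file join $certdir $f]"
        }
    }
    set ciphers [hardened_ciphers tls1.2]
    # OpenSSL also accepts the space-separated list form used on the page;
    # the colon-joined form is the documented cipher-list syntax
    tls::init -server 1 -request 0 -require 0 \
        -tls1 0 -tls1.1 0 -tls1.2 1 \
        -cafile   [file join $certdir fullchain.pem] \
        -certfile [file join $certdir cert.pem] \
        -keyfile  [file join $certdir privkey.pem] \
        -ciphers  [join $ciphers :]
    return $ciphers
}

# Dry run: list what would be offered (no certificate needed for this part)
puts "offered TLS 1.2 suites:\n  [join [hardened_ciphers] "\n  "]"
```

Call `init_hardened_server /etc/letsencrypt/live/<your-host>` in place of the `tls::init` line before `Httpd_SecureServer`.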

Notice: some code lines in tls.c may be obsolete now, as the `SSL_OP_NO_..` options concerning ssl2, ssl3 and compression in the file `openssl/ssl.h` are deprecated by definition.

Platform information (output of `parray tcl_platform`):
======
tcl_platform(byteOrder)     = littleEndian
tcl_platform(engine)        = Tcl
tcl_platform(machine)       = i686
tcl_platform(os)            = Linux
tcl_platform(osVersion)     = 3.16.0-4-686-pae
tcl_platform(pathSeparator) = :
tcl_platform(platform)      = unix
tcl_platform(pointerSize)   = 4
tcl_platform(threaded)      = 1
tcl_platform(user)          = fr
tcl_platform(wordSize)      = 4
======


<<categories>>Category Cryptography | Category Tclhttpd | Category Security