Mathias Homann wrote:
I'm not sure what caused the OP's problems;
opensuse only supports RSA, which should be off. I had it off (only ECDH + DH on). So no overlap to talk. Turned on the weak RSA, and I could talk again.
I did run the qualy ssl labs server test against https://www.suse.com and the result was actually embarrassing...
https://www.ssllabs.com/ssltest/analyze.html?d=www.suse.com Seriously? Grade B? Only weak ciphers enabled? wtf?
Did it against forums.opensuse.org and got 2 reasons why grade was capped to B: This server does not support Forward Secrecy with the reference browsers. Grade capped to B. This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B. For TLS: TLS 1.3 No TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes (TLS 1.3 hasn't been widely adopted ...)...but TLS 1.0, most agree it should be off. But fact that it is on -- indicates it's not my TLS version that's a problem. My browser starts w/TLS1.1 and offers 1.2 TLS1.2 Ciphers: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK # TLS 1.1 (suites in server-preferred order) TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK Uses common DH primes No, DHE suites not supported DH public server param (Ys) reuse No, DHE suites not supported ECDH public server param reuse No, ECDHE suites not supported ----- ^^^This is the problem^^^ opensuse only supports RSA, which is flawed and the advice I was given was to turn off RSA -- so no connection. I turn on RSA and can connect again. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org