Hello all,
I compile my nginx server with OpenSSL 1.1x, as I want to adopt the "forward" encryption standard "chacha20/AES-gcm" with "x25519/p256" only. But I find that the iOS apps may have a problem forming a secure channel, with the error "An SSL error has occurred and a secure secure channel cannot be made".
Piwigo version: 2.9.2
PHP version: 5.0x
iOS version: 11.2.1 unfortunately :-(
Hi yunkpoon2,
Humm, difficult to answer your question. Have you checked your SSL configuration, for example here: https://www.ssllabs.com/ssltest/index.html.
Cheers
Thanks for your recommendations :-)
Here is the information I found that may be relevant. Please let me know if it is useful.
Sorry, I get an error in image upload via iOS.
Configuration
Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
For TLS 1.3 tests, we currently support draft version 18.
Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH x25519 (eq. 3072 bits RSA) FS 128
Protocol Details
DROWN No, server keys and hostname not seen elsewhere with SSLv2
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN website here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Mitigated server-side (more info)
POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) No (more info)
Downgrade attack prevention Unknown (requires support for at least two protocols, excl. SSL2)
SSL/TLS compression No
RC4 No
Heartbeat (extension) No
Heartbleed (vulnerability) No (more info)
Ticketbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107) No (more info)
ROBOT (vulnerability) No (more info)
Forward Secrecy Yes (with most browsers) ROBUST (more info)
ALPN Yes http/1.1
NPN Yes http/1.1
Session resumption (caching) No (IDs assigned but not accepted)
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
HSTS Preloading Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP) No (more info)
Public Key Pinning Report-Only No
Public Key Pinning (Static) No (more info)
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes No, DHE suites not supported
DH public server param (Ys) reuse No, DHE suites not supported
ECDH public server param reuse No
Supported Named Groups x25519, secp256r1 (server preferred order)
SSL 2 handshake compatibility No
Hi yunkpoon2,
What are the recommendations shown in the SSL report summary? How is the "Handshake Simulation" section for Safari on iOS? If you give me your DNS name, I may have a look at the results you get.
If you wish to compare with my server, paste the DNS name "lelievre-berna.net".
Best regards
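As an added illustration of what the "Handshake Simulation" section checks (this is not code from the thread, from Piwigo or from SSL Labs): a small model of TLS 1.2 server-preferred negotiation. The server profile is the one in the SSL Labs report above (TLS 1.2 only, two ECDSA suites, x25519 and secp256r1); the client profiles are constructed for illustration and are not the real cipher lists of any iOS version.

```python
# Added illustration, not from the forum or Piwigo: a model of TLS 1.2
# server-preferred negotiation. The server profile is the one in the SSL
# Labs report above; client profiles are constructed, not real iOS lists.
from dataclasses import dataclass, field

@dataclass
class Profile:
    versions: set
    suites: list      # cipher suites, preference order
    groups: list      # ECDHE named groups, preference order
    sig_algs: set = field(default_factory=lambda: {"rsa", "ecdsa"})

SERVER = Profile(
    versions={"TLSv1.2"},
    suites=["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"],
    groups=["x25519", "secp256r1"],
    sig_algs={"ecdsa"},  # only an ECDSA certificate is installed
)

def negotiate(server, client):
    """Return (ok, detail): chosen parameters, or the first failing step."""
    versions = server.versions & client.versions
    if not versions:
        return False, "no common protocol version"
    # Server-preferred order: first server suite the client also offers.
    suite = next((s for s in server.suites if s in client.suites), None)
    if suite is None:
        return False, "no common cipher suite"
    if "_ECDSA_" in suite and "ecdsa" not in client.sig_algs:
        return False, "client does not accept ECDSA certificates"
    group = next((g for g in server.groups if g in client.groups), None)
    if group is None:
        return False, "no common ECDHE named group"
    return True, f"{max(versions)} {suite} {group}"

# Constructed client profiles (hypothetical, for illustration only).
CLIENTS = {
    "modern": Profile({"TLSv1.2", "TLSv1.3"}, [
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"], ["x25519", "secp256r1"]),
    "rsa_only": Profile({"TLSv1.2"}, [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"], ["secp256r1"]),
    "p384_only": Profile({"TLSv1.2"}, [
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"], ["secp384r1"]),
}

def simulate(server=SERVER, clients=CLIENTS):
    """Handshake simulation: client name -> (ok, detail)."""
    return {name: negotiate(server, c) for name, c in clients.items()}
```

Each failing client shows the step at which a server restricted this tightly stops matching; the real report's simulation tells you which of these steps the actual iOS client fails at.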