Patrick Heppler

100% Key Exchange and Cipher Strength?

Discussion created by Patrick Heppler on Jun 23, 2016
Latest reply on Jun 24, 2016 by Patrick Heppler

Hi,
I'm trying to get 100% Key Exchange and 100% Cipher Strength, but no luck so far.

SSL Server Test: heppler.net (Powered by Qualys SSL Labs)

 

My ciphers are:
ssl_ciphers 'EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

 

I tried to switch ssl_ecdh_curve from prime256v1 to secp384r1, but this gives me an ERR_SSL_VERSION_OR_CIPHER_MISMATCH

 

I'm running nginx patched with cloudflares spdy patch and compiled with openssl 1.0.2h also patched with ChaCha

Outcomes