556
Stakeholder Proposals / Re: [Worker] Deploy and maintain independent BitShares infrastructure
« on: May 18, 2018, 08:54:42 pm »
Also from telegram
Alex M - clockwork:
RESULT!
A+ Rating on ssllabs + haproxy + load balancer + working with cli_wallet
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
i made a mistake btw ..cli-wallet reporting max version SSL 3.1 is TLS1.0 not TLS1.1
it appears to not work only under IE8 on windows XP , Java6 and android 2.3.7 (lack of SNI)
the above config i mean
@xeroc & @sschiessl seeing as infrastructure nodes suffer from the same issue (cli-wallet dies with handshake failed) I suggest you use the above config in your haproxy setup
Alex M - clockwork:
RESULT!
A+ Rating on ssllabs + haproxy + load balancer + working with cli_wallet
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
i made a mistake btw ..cli-wallet reporting max version SSL 3.1 is TLS1.0 not TLS1.1
it appears to not work only under IE8 on windows XP , Java6 and android 2.3.7 (lack of SNI)
the above config i mean
@xeroc & @sschiessl seeing as infrastructure nodes suffer from the same issue (cli-wallet dies with handshake failed) I suggest you use the above config in your haproxy setup