Categories: Uncategorized

Memorandum #15.

   As PHP7.0.3 was released, I updated to it the day before yesterday. Here is ChangeLog. My server OS is Windows7 HE SP1 x86, so I downloaded php-7.0.3-Win32-VC14-x86.zip.
   The new php.ini-production doesn’t have difference from 7.0.2’s except some comments. If you need more information about php.ini configuration, see ‘Migrating from PHP 5.5.16 to PHP 5.6.0 on Windows’.

   I also updated to phpMyAdmin4.5.4.1. If you install phpMyAdmin at the first time, please see To create a Wamp-like Web Server in Windows7-#3 and phpMyAdmin Configuration storage.
   Beginning in January 2016, the phpMyAdmin release manager is Isaac Bennetch. If you have the old keyring, you need to update it for the file verification. See Verifying phpMyAdmin releases.

   Recently I’ve got stuck with SSL/TLS things since I read OpenSSL Security Advisory [28th Jan 2016]. The Advisory doesn’t include ‘Severity: Critical’. But I’ve used this opportunity to check up Cipher Suite of my Web server.
   Since enabling HTTP/2 on my server, I’ve use ‘AESGCM:HIGH:MEDIUM:!MD5:!RC4’. This gives these cipher suites and includes SSLv3 things as you see, of course, though I disabled SSLv3 on the server.
   I removed SSLv3 cipher suites and TLS ones that are on TLS 1.2 Cipher Suite Black List of the http2-spec page. See the list.
   After my work, I’ve got only these chiper suites.

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256

   But I left ECDHE-RSA-AES256-SHA in my configuration because I have visitors who use Android equal to or less than 4.3 according to the server log. Now my Cipher Suites on the ssl.conf is the following.

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA

   The command ‘openssl ciphers -v ~’ gives cipher suites list by OpenSSL names and TLS 1.2 Cipher Suite Black List gives them by the relevant specification names. If you don’t know about them well, see TLS v1.2 cipher suites. You can find a comparison table there.

   By the way, one of my Japanese blog visitors, くりくりさん, wrote about OCSP Stapling on his blog(Japanese). I’ve used OCSP Stapling since Moving my WordPress to HTTPS for supporting HTTP/2-#1. So, I’ll upload the result of my test, like this. If the handshakes end in a success, the head is same regardless of TLS versions.

o6asan

Share
Published by
o6asan

Recent Posts

Very easy, sweet potato yōkan recipe.

The recipe for sweet potato yōkan that I often made this fall. Ingredients Sweet potato…

1 year ago

On my home network, I’ve built an FTP server that I left for long time.

After a long time, when I checked broken links and fixed them, I got an…

3 years ago

Moving “o6asan’s BBS”.-#2

I made a box, so I prepare the contents. Theme and Plugins. The theme is…

3 years ago

Moving “o6asan’s BBS”.

Hehe, it's been almost a year since my last post. I received a notification email…

3 years ago

I completed my WordPress to Sub-domain.

About a week ago, I finally started to renew my sites, which I had been…

4 years ago

Happy New Year!

   Happy New Year! It is the beginning of a new year.    This is a year…

6 years ago

This website uses cookies.