CentOS 6 - ECDHE ciphers

[Sandro Steger]

Dear SPDY-developers,

the SPDY-module provided by the mod-spdy repository for RPM-based distributions is statically linked against the OpenSSL-library.

At the beginning this was good, because the outdated OpenSSL on CentOS 6 didn't even support TLS 1.2. But quite a while back the situation changed, as a more current version is available in the standard repository. This version even provide support for ECDHE-ciphers, which mod_ssl_with_npn.so does not.

It would be great if you could add ECDHE-support to the mod-spdy-module provided by the rpm-repository, or to provide a dynamically linked module for RHEL 6 based distros.

Kind regards,

Sandro Steger

PS: Of course I could manually rebuild the module for the servers I manage, but an upstream solution is always preferable.

[Vlad Lasky]

Thanks Sandro - I second this request to enable ECDHE protocol support in the bundled OpenSSL that comes with mod_spdy.

I can only seem to be able to get an A- rating from ssllabs.com when testing SSL on sites that run CentOS and use the current mod_spdy rpm.

[Sandro Steger]

The OpenSSL-Update in mod-spdy version v0.9.4.2 solves this problem. ECDHE is now supported.