Test OLS 1.4.6 site at
https://h2ohttp2.centminmod.com:8099/flags.html
cipherscan
https://github.com/jvehent/cipherscan reports DH,1024bits and not DH, 4096bits I have set when I created my dhparam file which is using same dhparam file i use for Nginx SPDY/3.1 ssl and h2o HTTP/2 server as both Nginx, h2o and OLS are on same server
Enable DH Key Exchange Yes
also tried DH Paramter = /usr/local/lsws/admin/conf/dhparam4096.pem and still reports as 1024bits while Nginx and h2o report 4096 bits
....................
prio ciphersuite protocols pubkey_size signature_algorithm trusted ticket_hint ocsp_staple pfs_keysize
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
3 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
5 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
6 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
7 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True None True ECDH,P-256,256bits
9 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True ECDH,P-256,256bits
10 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
11 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
12 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
13 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True DH,1024bits
14 AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
15 AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
16 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
17 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 True
18 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True
19 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 True
OCSP stapling: supported
Server side cipher ordering
here's Nginx SPDY/3.1 with
....................
prio ciphersuite protocols pubkey_size signature_algorithm trusted ticket_hint ocsp_staple pfs_keysize
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
3 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
5 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
6 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
7 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True None True ECDH,P-256,256bits
9 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True ECDH,P-256,256bits
10 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
11 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
12 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
13 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True DH,4096bits
14 AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
15 AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
16 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
17 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
18 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
19 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 43200 True
OCSP stapling: supported
Server side cipher ordering