I tried reordering the TLS curves. I fetched the supported list of curves which SSLLabs gave me:
secp256r1, secp521r1, brainpoolP512r1, brainpoolP384r1, secp384r1, brainpoolP256r1, secp256k1, sect571r1, sect571k1, sect409k1, sect409r1, sect283k1, sect283r1 (server preferred order)
and then I added the following command in httpd-ssl.conf:
Code:
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:brainpoolP512r1:sect409k1:sect409r1:brainpoolP384r1:secp384r1:sect283k1:sect283r1:brainpoolP256r1:secp256k1:secp256r1
Apache starts, but then crashes. The error_log shows:
Code:
[Fri Aug 16 05:18:23.236721 2019] [ssl:emerg] [pid 83845:tid 34408062976] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/httpd/domains/DOMAIN.error.log for more information
where DOMAIN is one of the domains on the server (starting with letter "s", so it's not about being the first in alphabetical order).
Checking its log shows the following:
Code:
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:brainpoolP512r1:sect409k1:sect409r1:brainpoolP384r1:secp384r1:sect283k1:sect283r1:brainpoolP256r1:secp256k1:secp256r1" failed for DOMAIN:443
By the DirectAdmin control panel I see that the domain has SSL enabled (however it is using the server certificate, not its own one).