Since the web is full of myth-type hints about what to configure for openssl I'm really in need for some fundamental valid howtos.
I tried several combinations for a current debian 7.1 installation using either openssl or gnutls and always there are some glitches:
1) gnutls doesn't seem to work with curl clients. So this path seems unsuitable for now.
2) openssl, I do have to have a PFS (perfect forward secrecy) for the web server. Every time I seem to get it running I also get a beast attack warning.
Is it not possible for a ready-to-go debian installation to get both things: a pfs support and a protection from beast attacks?
Any serious help is welcome. I might even compile openssl myself if needed for some bleeding edge up2date versions.
Current version informations:
root@cloud:~# cat /etc/debian_version
root@cloud:~# openssl version
OpenSSL 1.0.1e 11 Feb 2013
root@cloud:~# openssl ciphers -v
<long result truncated>