I'm running Apache 2.2.31 and I'm trying to get Perfect Forward Secrecy working. Using Qualys SSL Labs shows that pretty much everything except IE is using ciphers that can use forward secrecy.
I've verified that SSLHonorCipherOrder
is set to on
in the Apache configuration, but I'm wondering if there's a way to externally test that the cipher order is being enforced.
SSLLabs lists the supported ciphers in order of preference, and it matches what I specified in the config file
Best Answer
For decent HTTPS configuration analysis you can use https://testssl.sh/ as well. It grants really high quality information of overall HTTPS state.
testssl https://yoursite.com
In order to check configuration you asked - search for following check in the output:
or