forked from HunterZ/pixelserv
What's new in version Kj (v35.HZ12.Kj)
kvic-z edited this page Apr 21, 2017 · 1 revision
- Added support for using ECDHE ciphers for key exchange when browsers request them.
- Added X509v3 Subject Alternative Name (SAN) extension to generated certificates.
Recent versions of Google Chrome mark RSA ciphers as obsolete for key exchange. These ciphers will be deprecated in TLS v1.3. The first change prepares pixelserv-tls for TLS v1.3.
Starting with v58, Google Chrome marks certificates without a Subject Alternative Name as invalid, enforcing RFC 2818, which was specified in 2000! As a result, Chrome will treat certificates generated by pixelserv-tls version Ki (and older) as invalid. Version Kj resolves this issue.
Purge old certificates:
cd /opt/var/cache/pixelserv
mv ca.* ..
rm *
mv ../ca.* .
Then restart pixelserv-tls. New certificates will be generated automatically on demand and will be RFC 2818 compliant.
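
To confirm which cached certificates are affected, or to check after the restart that newly generated ones carry the extension, the script below lists every certificate in a directory that has no Subject Alternative Name. It is an added example, not part of pixelserv-tls, and it goes beyond the blanket purge above by only reporting files. It assumes the `openssl` CLI is installed and that each cache file other than `ca.*` contains a PEM certificate; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report cached certificates that lack a Subject Alternative Name.
# Assumption: every file in the cache directory other than ca.* holds a PEM
# certificate that `openssl x509` can read.

# has_san FILE -> exit 0 if the certificate carries a SAN extension.
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'X509v3 Subject Alternative Name'
}

# is_cert FILE -> exit 0 if openssl can parse a certificate from FILE.
is_cert() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1
}

# list_no_san DIR -> print one path per line for each certificate without SAN.
# The CA files (ca.*) are skipped, matching the purge steps that keep them.
list_no_san() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in ca.*) continue ;; esac
        is_cert "$f" || continue      # ignore files that are not certificates
        has_san "$f" || printf '%s\n' "$f"
    done
}

# Run against a directory only when one is given on the command line,
# e.g. the cache path used in the purge steps above.
if [ -n "${1:-}" ]; then
    list_no_san "$1"
fi
```

An empty result after the purge and restart means every certificate in the directory has the extension Chrome 58 requires.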