
OpenSSL Vulnerability (Heartbleed)

Posted: Sun Apr 13, 2014 7:39 pm
by ronbarak
Following the latest buffer overflow brouhaha, I tested Spamgourmet's SSL compliance, and on the whole, it's almost perfect.
The only thing SG lacks is support for Forward Secrecy.
See https://www.diigo.com/item/p/oooepprzcaqccppppzbddrcrpe.

Re: OpenSSL Vulnerability (Heartbleed)

Posted: Wed Apr 16, 2014 3:30 pm
by josh
Thanks - I reconfigured a bit. I now get a message that forward secrecy is not supported with all browsers, but I suppose it is with some. Anyway, I did what I could for now.

BUT NOTE - the SG server did in fact have the vulnerable version of OpenSSL installed previously. No one can say whether it was compromised, except that we haven't seen any reason to believe it may have been. I've patched openssl of course, and I've updated all keys/certificates with new ones subsequent to the patch.

It would be a great time to change your password.

Re: OpenSSL Vulnerability (Heartbleed)

Posted: Fri Apr 18, 2014 4:34 am
by jamesd
Josh, it looks as though you got the configuration wrong in a way that breaks a lot of browsers. The problem isn't forward secrecy but the order in which https://www.spamgourmet.com selects the protocol to use from the ones a browser supports and/or the lack of support for the most commonly supported choice. To see what's wrong please first start these two pages loading, which will take a few minutes as they perform tests:

https://www.ssllabs.com/ssltest/analyze ... ondora.com
https://www.ssllabs.com/ssltest/analyze ... ourmet.com

While those load please read this page that explains what's happening:

https://community.qualys.com/blogs/secu ... rd-secrecy

By now the other two pages should have finished loading. If you scroll down to the Handshake Simulation part you can see mass failure for Spamgourmet but complete success for Bondora. The difference is that Spamgourmet appears to be insisting on

TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA256

while Bondora is using a range that includes more secure and more widely supported things like

TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.

The issue does things like produce this as error text in, say, the about-a-year-old FF 20, along with an inability to connect:

"An error occurred during a connection to http://www.spamgourmet.com.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)"

Hopefully the references will tell you enough about what's happening so it's not too painful to fix it.
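
The failure described in the post above can be modelled as server-preference cipher suite selection. This is an added example, not part of the original thread or of Spamgourmet's configuration. The two suite names quoted in the post are used as-is; the client offer lists, the third server suite and all function names are constructed for illustration and are not the real lists of any browser or server.

```python
# Added example: server-preference cipher suite selection, showing how a
# single-suite server produces "no common encryption algorithm(s)".
# Client offers and the broad server list are constructed sample data.

FS_KEY_EXCHANGES = ("TLS_ECDHE_", "TLS_DHE_")


def has_forward_secrecy(suite):
    """Ephemeral (EC)DHE key exchange gives forward secrecy; static RSA does not."""
    return suite.startswith(FS_KEY_EXCHANGES)


def negotiate(server_suites, client_suites):
    """Return the first suite, in server preference order, that the client
    also offers, or None when there is no overlap (the handshake fails)."""
    offered = set(client_suites)
    for suite in server_suites:
        if suite in offered:
            return suite
    return None


def simulate(server_suites, clients):
    """Map each client name to (status, suite): fail, ok-no-fs or ok-fs."""
    results = {}
    for name, offer in clients.items():
        suite = negotiate(server_suites, offer)
        if suite is None:
            results[name] = ("fail", None)
        else:
            status = "ok-fs" if has_forward_secrecy(suite) else "ok-no-fs"
            results[name] = (status, suite)
    return results


RSA_SHA256 = "TLS_RSA_WITH_AES_256_CBC_SHA256"    # quoted in the post
ECDHE_SHA = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"  # quoted in the post
RSA_SHA = "TLS_RSA_WITH_AES_256_CBC_SHA"          # added for the sample lists

SINGLE_SUITE_SERVER = [RSA_SHA256]                  # server insists on one suite
BROAD_SERVER = [ECDHE_SHA, RSA_SHA256, RSA_SHA]     # constructed, FS suite first
CLIENTS = {                                         # constructed client offers
    "older-client": [ECDHE_SHA, RSA_SHA],
    "tls12-client": [ECDHE_SHA, RSA_SHA256, RSA_SHA],
    "rsa-only-client": [RSA_SHA],
}

if __name__ == "__main__":
    for label, server in (("single", SINGLE_SUITE_SERVER), ("broad", BROAD_SERVER)):
        for client, (status, suite) in simulate(server, CLIENTS).items():
            print(f"{label:6} {client:16} {status:9} {suite}")
```

With the single-suite list, only the client that offers that exact suite connects, and it does so without forward secrecy; with the broad list every sample client connects, and those offering the ECDHE suite get forward secrecy.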