Upgrade apache or libssl

Open FroMage opened this issue 12 years ago • 4 comments

It appears https://www.ssllabs.com/ssltest/analyze.html?d=modules.ceylon-lang.org&ignoreMismatch=on says our SSL implementation is not up to date, especially TLS 1.0 instead of the newer 1.2. Perhaps we need to upgrade Apache or libssl?

FroMage avatar Nov 19 '13 17:11 FroMage

Also, you use the modules.ceylon-lang.org cert for ceylon-lang.org as well (when someone manually requests that via HTTPS): https://ceylon-lang.org/

lucaswerkmeister avatar Jan 24 '14 19:01 lucaswerkmeister

According to the above SSL Labs link, the server now supports TLS up to 1.2 (in fact the rating is pretty good overall). I think this issue can be closed.

lucaswerkmeister avatar Nov 19 '14 19:11 lucaswerkmeister

Well, this issue wasn't closed. Right now we score a B. Is that good enough? The main problems are some insecure cipher suites, supporting RC4 and only partial support for forward secrecy.

tombentley avatar Nov 11 '16 11:11 tombentley

Well, back in 2014 I didn’t have the permissions to close this issue :)

SSLLabs report link

We could remove RC4, which is the only grossly insecure suite in our list. I’m not sure why it complains about FS – we seem to support it for all up-to-date systems tested by SSLLabs (exceptions are old versions of Windows, Windows Phone, Android, or Java).

I noticed something else in the report:

Server hostname mail.projectodd.org

Is that really the correct hostname? I suspect it’s just a copy+pasted and not updated bit of Apache config :)

lucaswerkmeister avatar Nov 11 '16 11:11 lucaswerkmeister
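
Added example (not part of the thread or the project's configuration): a small simulation of cipher-suite selection, showing how a server can give forward secrecy to current clients while legacy clients still land on non-FS or RC4 suites. The server list and client profiles are constructed, suite names follow OpenSSL conventions, and `honor_server_order` models the behaviour Apache's `SSLHonorCipherOrder` directive controls.

```python
# Constructed sample data: OpenSSL-style names, server list in preference order.
SERVER_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",   # plain RSA key exchange: no forward secrecy
    "RC4-SHA",      # RC4 stream cipher, the suite the thread proposes removing
]
# Hypothetical client offers, in client preference order (not SSL Labs data).
CLIENTS = {
    "modern-browser": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA", "AES128-SHA"],
    "legacy-java": ["DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"],
    "legacy-windows": ["RC4-SHA", "AES128-SHA", "DES-CBC3-SHA"],
}
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")  # ephemeral Diffie-Hellman key exchange

def has_forward_secrecy(suite):
    return suite.startswith(FS_PREFIXES)

def uses_rc4(suite):
    return "RC4" in suite.split("-")

def negotiate(server_suites, client_suites, honor_server_order=True):
    """Return the suite both sides support, or None if there is no overlap."""
    first, second = (server_suites, client_suites) if honor_server_order \
        else (client_suites, server_suites)
    return next((s for s in first if s in second), None)

def audit(server_suites, clients, honor_server_order=True):
    """Map client name -> (negotiated suite, forward secrecy?, RC4?)."""
    report = {}
    for name, offer in clients.items():
        suite = negotiate(server_suites, offer, honor_server_order)
        report[name] = (suite,
                        suite is not None and has_forward_secrecy(suite),
                        suite is not None and uses_rc4(suite))
    return report

def without_rc4(server_suites):
    return [s for s in server_suites if not uses_rc4(s)]

if __name__ == "__main__":
    for label, suites in (("current", SERVER_SUITES), ("RC4 removed", without_rc4(SERVER_SUITES))):
        for order in (True, False):
            print(label, "server order" if order else "client order")
            for name, result in audit(suites, CLIENTS, order).items():
                print("  ", name, result)
```

In this constructed data, dropping RC4 stops the legacy client from negotiating it under client ordering, but that client still ends up on a non-FS suite because it offers no ECDHE or DHE suite.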