[sword-devel] Qualys SSL Labs server test rating was: Re: Firefox 44.0.2 and self-signed certs
Jaak Ristioja
jaak at ristioja.ee
Sat Feb 20 10:12:15 MST 2016
All thumbs up from me! Good job! :)
J
On 20.02.2016 18:59, DM Smith wrote:
> Jaak,
>
> Take a look now.
>
> I’ve upgraded the HTTP server to avoid SSLv3 and RC4. Had to explicitly
> add TLS 1.0. And specifically added support for TLS 1.1 and 1.2. That
> means we have limited support for Windows XP users. If we have problems
> I may need to add SSLv3 and RC4 back in as a fall back for them.
>
> The only thing keeping us from A+ is HSTS.
>
> DM
>
>> On Feb 15, 2016, at 4:14 PM, DM Smith <dmsmith at crosswire.org
>> <mailto:dmsmith at crosswire.org>> wrote:
>>
>> I tried to fix this the other day, and will shortly. But the server
>> locked up twice in that day. So I’ve backed out my changes (a
>> one-liner for this issue) and am doing them one at a time. I hope to
>> have that solved within a week.
>>
>> In Him,
>> DM
>>
>>> On Feb 15, 2016, at 3:44 PM, Jaak Ristioja <jaak at ristioja.ee
>>> <mailto:jaak at ristioja.ee>> wrote:
>>>
>>> The Qualys SSL Labs SSL Server test gives crosswire.org
>>> <http://crosswire.org/> a C rating
>>> mainly due to supporting SSLv3 and the RC4 cipher.
>>>
>>> https://www.ssllabs.com/ssltest/analyze.html?d=crosswire.org&hideResults=on
>>>
>>> Blessings,
>>> Jaak
>>>
>>> On 15.02.2016 20:11, DM Smith wrote:
>>>> Went with LetsEncrypt. It should be proper for the
>>>> entire crosswire.org <http://crosswire.org/>
>>>> <http://crosswire.org <http://crosswire.org/>> web. If you see a
>>>> problem or have a question, let
>>>> me know.
>>>>
>>>> In Him,
>>>> DM Smith
>>>>
>>>>> On Feb 12, 2016, at 5:30 PM, Matěj Cepl <mcepl at cepl.eu
>>>>> <mailto:mcepl at cepl.eu>
>>>>> <mailto:mcepl at cepl.eu>> wrote:
>>>>>
>>>>> On 2016-02-12, 19:28 GMT, David Haslam wrote:
>>>>>> Even so, this is the way browsers are moving!
>>>>>>
>>>>>> The sooner we can move away from self signed the better.
>>>>>
>>>>> Certainly, I see two ways out:
>>>>>
>>>>> * https://letsencrypt.org/ … I have never tried it, so
>>>>> I am not sure how really difficult it is, but it is
>>>>> supposed to be the free way how to get working and
>>>>> supported certificate for a website
>>>>>
>>>>> * I use personally certificate from
>>>>> https://www.startssl.com/ For me the price is US$60/two
>>>>> year certificate, not sure whether the company would be
>>>>> willing to give some discount for non-profit/religious
>>>>> organization, or we would be satisfied with the free
>>>>> certificate (one domain only, no wildcard).
>>>>>
>>>>> Best,
>>>>>
>>>>> Matěj
>>>>>
>>>>> --
>>>>> https://matej.ceplovi.cz/blog/, Jabber: mcepl at ceplovi.cz
>>>>> <mailto:mcepl at ceplovi.cz>
>>>>> <mailto:mcepl at ceplovi.cz>
>>>>> GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC
>>>>>
>>>>> [...] a superior pilot uses his superior judgment to avoid having to
>>>>> exercise
>>>>> his superior skill.
>>>>> --
>>>>> http://www.jwz.org/blog/2009/09/that-duct-tape-silliness/#comment-10653
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> sword-devel mailing list: sword-devel at crosswire.org
>>>>> <mailto:sword-devel at crosswire.org>
>>>>> <mailto:sword-devel at crosswire.org>
>>>>> http://www.crosswire.org/mailman/listinfo/sword-devel
>>>>> Instructions to unsubscribe/change your settings at above page
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> sword-devel mailing list: sword-devel at crosswire.org
>>>> <mailto:sword-devel at crosswire.org>
>>>> http://www.crosswire.org/mailman/listinfo/sword-devel
>>>> Instructions to unsubscribe/change your settings at above page
>>>>
>>>
>>>
>>> _______________________________________________
>>> sword-devel mailing list: sword-devel at crosswire.org
>>> <mailto:sword-devel at crosswire.org>
>>> http://www.crosswire.org/mailman/listinfo/sword-devel
>>> Instructions to unsubscribe/change your settings at above page
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> <mailto:sword-devel at crosswire.org>
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
More information about the sword-devel
mailing list