This repository has been archived by the owner on May 11, 2022. It is now read-only.

SSL and STARTTLS Forward Secrecy #87

Open

dcposch opened this issue Dec 2, 2013 · 1 comment

Owner

dcposch commented Dec 2, 2013

Just in case.

Also, from the Open Technology Fund survey:

If StartTLS is supported, do you enable ciphers that are 
not-forward secret or have fewer than 128 bits?

We should not.

The text was updated successfully, but these errors were encountered:

AndrewTheLott commented Jan 13, 2015

According to SSL Report: scramble.io (173.255.244.90) assessed on: Tue Jan 13 06:50:36 PST 2015

Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
This server's certificate chain is incomplete. (see Your SSL certificate is broken #105 for this one)
This server accepts the RC4 cipher, which is weak.

On the plus side, Forward Secrecy & HSTS are enabled.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.