[Ach] Fwd: Disabling anonymous ciphers

Aaron Zauner azet at azet.org
Mon Jan 6 15:42:35 CET 2014


---------- Forwarded message ----------
From: Aaron Zauner <azet at azet.org>
Date: Mon, Jan 6, 2014 at 3:23 PM
Subject: Re: [Ach] Disabling anonymous ciphers
To: Christian Rishøj <christian at rishoj.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Christian,

Christian Rishøj wrote:
> Hi,
>
> Using the SSLCipherSuite and SSLProtocol directives from
> https://github.com/BetterCrypto/duraconf/blob/master/configs/apache2/https-hsts.conf,
> my Apache server scores "F" on
> https://www.ssllabs.com/ssltest/analyze.html, with the reason
>
>> This server supports anonymous (insecure) suites (see below for
>> details). Grade set to F.

[...]

>
> Did I screw up? If not, I think the guide could use either a
> correction or an explanation.


Please use the configurations provided in the paper on bettercrypto.org,
not the duraconf stuff we forked and intend to update to our
recommendations. duraconf is a similar project by Jake Appelbaum - but
it's heavily outdated. I'm going to remove the fork for now to avoid
further confusion. We'll add our stuff as soon as we have a release of
the paper and open a pull request.

Sorry for the confusion.

Thanks for reporting,
Aaron
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----