[Ach] Updated Mozilla TLS guide

Adi Kriegisch adi at kriegisch.at
Wed Oct 15 16:15:28 CEST 2014


Hey!

> The goal is to make it easier for admins to reach the intermediate level,
> without asking a security expert to analyze their configuration. It's
> very opinionated, and I don't expect everyone to agree with its output.
> But it serves Mozilla's needs.
Thank you for your great tool!
 
> $ ./cipherscan bettercrypto.org
[...]
> $ ./analyze.py -t bettercrypto.org
> bettercrypto.org:443 has bad ssl/tls
[...]
> * disable TLSv1
> * disable SSLv3
I think this can be easily explained: we use a catchall page for non-SNI
enabled browsers that allows older ciphers. Probably time to disable this
page and remove that workaround from our paper. Non-SNI aware stuff like
IE6 or Java 6 should not be used anyways.

-- Adi