[Ach] Updated Mozilla TLS guide
adi at kriegisch.at
Wed Oct 15 16:15:28 CEST 2014
> goal is to make it easier for admins to reach the intermediate level,
> without asking a security expert to analyze their configuration.
> very opinionated, and I don't expect everyone to agree with its output.
> But it serves Mozilla's needs.
Thank you for your great tool!
> $ ./cipherscan bettercrypto.org
> $ ./analyze.py -t bettercrypto.org
> bettercrypto.org:443 has bad ssl/tls
> * disable TLSv1
> * disable SSLv3
I think this can be easily explained: we use a catchall page for non-SNI
enabled browsers that allows older ciphers. Probably time to disable this
page and remove that workaround from our paper. Non-SNI aware stuff like
IE6 or Java 6 should not be used anyways.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 827 bytes
Desc: Digital signature
More information about the Ach