[Ach] Updated Mozilla TLS guide

Aaron Zauner azet at azet.org
Wed Oct 15 16:22:18 CEST 2014


I used the same tool about a week ago on bettercrypto.org:443. I mailed you
guys to update to our current cipherstring (which also forbids SEED as well
as the anon-DH ciphers old openssl versions might negotiate) :)

Aaron

On Wed, Oct 15, 2014 at 4:15 PM, Adi Kriegisch <adi at kriegisch.at> wrote:

> Hey!
>
> > The goal is to make it easier for admins to reach the intermediate level,
> > without asking a security expert to analyze their configuration. It's
> > very opinionated, and I don't expect everyone to agree with its output.
> > But it serves Mozilla's needs.
> Thank you for your great tool!
>
> > $ ./cipherscan bettercrypto.org
> [...]
> > $ ./analyze.py -t bettercrypto.org
> > bettercrypto.org:443 has bad ssl/tls
> [...]
> > * disable TLSv1
> > * disable SSLv3
> I think this can be easily explained: we use a catchall page for non-SNI
> enabled browsers that allows older ciphers. Probably time to disable this
> page and remove that workaround from our paper. Non-SNI aware stuff like
> IE6 or Java 6 should not be used anyways.
>
> -- Adi