<div dir="ltr"><br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Aaron Zauner</b> <span dir="ltr"><<a href="mailto:azet@azet.org">azet@azet.org</a>></span><br>
Date: Mon, Jan 6, 2014 at 3:23 PM<br>Subject: Re: [Ach] Disabling anonymous ciphers<br>To: Christian Rishøj <<a href="mailto:christian@rishoj.net">christian@rishoj.net</a>><br><br><br>
Hi Christian,<br>
<div class="im"><br>
Christian Rishøj wrote:<br>
> Hi,<br>
><br>
> Using the SSLCipherSuite and SSLProtocol directives from<br>
> <a href="https://github.com/BetterCrypto/duraconf/blob/master/configs/apache2/https-hsts.conf" target="_blank">https://github.com/BetterCrypto/duraconf/blob/master/configs/apache2/https-hsts.conf</a>,<br>
> my Apache server scores "F" on<br>
> <a href="https://www.ssllabs.com/ssltest/analyze.html" target="_blank">https://www.ssllabs.com/ssltest/analyze.html</a>, with the reason<br>
><br>
>> This server supports anonymous (insecure) suites (see below for<br>
>> details). Grade set to F.<br>
<br>
</div>[...]<br>
<div class="im"><br>
><br>
> Did I screw up? If not, I think the guide could use either a<br>
> correction or an explanation.<br>
<br>
<br>
</div>Please use the configurations provided in the paper on <a href="http://bettercrypto.org" target="_blank">bettercrypto.org</a>,<br>
not the duraconf stuff we forked and intend to update to our<br>
recommendations. duraconf is a similar project by Jake Appelbaum - but<br>
it's heavily outdated. I'm going to remove the fork for now to avoid<br>
further confusion. We'll add our stuff as soon as we have a release of<br>
the paper and open a pull request.<br>
<br>
Sorry for the confusion.<br>
<br>
Thanks for reporting,<br>
Aaron<br>
</div><br></div>