Hello DebConf team, While reading the Debian Developer documentation, I noticed that the image galleries page [1] has an invalid HTTPS certificate.
The link is to this page is posted on the Developers' Corner [2] of the main site and has the text: "You can also see the world map of Debian developers and image galleries from various Debian events." I also did a test on SSL labs [3] and the following issues were reported: * This server's certificate is not trusted. * This server supports anonymous (insecure) suites (see below for details). * This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. * This server supports weak Diffie-Hellman (DH) key exchange parameters. * Certificate has a weak signature and expires after 2015. Upgrade to SHA2 to avoid browser warnings. * This server accepts RC4 cipher, but only with older protocol versions. * The server does not support Forward Secrecy with the reference browsers. [1] https://gallery.debconf.org/ [2] https://www.debian.org/devel/ [3] https://www.ssllabs.com/ssltest/analyze.html?d=gallery.debconf.org&s=5.153.231.226 I hope this helps, Andrew R _______________________________________________ Debconf-team mailing list [email protected] http://lists.debconf.org/mailman/listinfo/debconf-team
