Just a reminder for all distro maintainers and sysadmins to pay
attention to the cryptographic settings of programs included in free
distros, or being used in their respective project's infrastructure.

In particular, I think we should all analyze the use of weak
Diffie-Hellman Groups ("precomputed primes") and other DH-related
vulnerabilities: https://weakdh.org/

For distros derived from others, make sure you are inheriting any
hardening that may come from upstream, and otherwise check the settings
for all the most common, security-sensitive packages. Feel free to share
in this thread what improvements you have implemented!

Quick and incomplete list of tools and documentation:

https://www.ssllabs.com/ssltest/
https://freakattack.com/
https://poodle.io/
http://heartbleed.com/
...
Please add others that you may know.
