#22028: jow added a png file to openwrt.org that breaks propper https!
-----------------------+-------------------
Reporter: anonymous | Owner:
Type: defect | Status: new
Priority: high | Milestone:
Component: website | Version: Trunk
Keywords: |
-----------------------+-------------------
Jow, thanks for the information about the battlemesh in portugal, but
could you please upload the png file to a propper https working server or
update the certificate of your server ant then the link?
You server certificate expired on 04.10.2013 11:11! Yes, 2013!! We have
now in 2016 free and great certificates from letsencrypt. Please use them
if you would like a automated system of updating your certificate so that
you dont have to care more about that.
The link how it should look like on openwrt.org:
https://luci.subsignal.org/~jow/battlemesh-v9-poster-web.png
how it looks now and gives warnings in modern browsers:
http://luci.subsignal.org/~jow/battlemesh-v9-poster-web.png
By the way, your server is totaly broken from the security side:
https://www.ssllabs.com/ssltest/analyze.html?d=luci.subsignal.org&latest
Some notes:
This server is vulnerable to the POODLE attack. (BAD!)
This server supports weak Diffie-Hellman (DH) key exchange parameters
(BAD!)
Certificate uses a weak signature (BAD!)
The server does not support Forward Secrecy (BAD!)
You seem to use ubuntu 14.04 on your server. Fixing those things should be
easy.
Greetings
--
Ticket URL: <https://dev.openwrt.org/ticket/22028>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
