On 13 September 2013 12:45, Solomon Peachy <[email protected]> wrote:
> On Fri, Sep 13, 2013 at 09:25:15AM +0200, Torsten Reichard wrote:
>> Hey Peter,
>>
>> seems to be good.
>
> Out of curiosity, what are you using to run these tests? I'd like to
> validate that I have my certs set up properly, but nobody on my roster
> is on a server that supports encrypted S2S. (Just in case, I have it
> set up to be as permissive as possible when it comes to cert validation)
>
> I'm pretty sure my C2S stuff is set up properly -- None of the
> clients I use complain about the cert/cachain I'm using.
>
> (shaftnet.org, running jabberd2 with external authentication)

We have a handy bot in the Prosody chatroom to check certificates over
s2s. I'm pleased to inform you that:

13:55:29 MattJ> -certinfo shaftnet.org
13:55:34 Bunneh> MattJ: shaftnet.org has a valid certificate issued by Gandi Standard SSL CA

but:

13:56:50 MattJ> -cipher shaftnet.org
13:56:50 Bunneh> MattJ: Connection to shaftnet.org uses cipher RC4-MD5

RC4 isn't very highly regarded nowadays, as multiple issues have been
found with its security[1]. Note that the bot's server intentionally
negotiates the weakest cipher you support, so it might not be anything
to lose sleep over :)

Regards,
Matthew

[1]: https://en.wikipedia.org/wiki/RC4#Security
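
Added example (not part of the thread and not the Prosody bot's code): one way to see which cipher an s2s listener negotiates, by doing XMPP STARTTLS from Python and flagging weak algorithms such as the RC4-MD5 suite reported above. It assumes the server listens on port 5269 of the domain itself (no SRV lookup) and answers a stream header without a `from` attribute; `WEAK_MARKERS` is a constructed list.

```python
import re
import socket
import ssl
import sys

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
# Constructed list of substrings marking weak algorithms in OpenSSL cipher names.
WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXP")

def stream_open(domain):
    """Opening header of a server-to-server stream (no 'from' is sent: an assumption)."""
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
            "xmlns:stream='http://etherx.jabber.org/streams' "
            f"to='{domain}' version='1.0'>")

def offers_starttls(features_xml):
    """True if the peer's stream features advertise STARTTLS."""
    pattern = r"<starttls[^>]*xmlns=['\"]%s['\"]" % re.escape(TLS_NS)
    return re.search(pattern, features_xml) is not None

def weak_parts(cipher_name):
    """Weak algorithm markers present in a cipher name such as 'RC4-MD5'."""
    tokens = re.split(r"[-_]", cipher_name.upper())
    return [m for m in WEAK_MARKERS if any(t.startswith(m) for t in tokens)]

def negotiated_cipher(domain, port=5269, timeout=10):
    """Do XMPP STARTTLS on the s2s port and return (cipher, protocol, bits)."""
    with socket.create_connection((domain, port), timeout=timeout) as sock:
        sock.sendall(stream_open(domain).encode())
        buf = ""
        while not re.search(r"</stream:features>|<stream:features\s*/>", buf):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("stream closed before features arrived")
            buf += chunk.decode("utf-8", "replace")
        if not offers_starttls(buf):
            raise RuntimeError("peer does not offer STARTTLS")
        sock.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
        if "<proceed" not in sock.recv(4096).decode("utf-8", "replace"):
            raise RuntimeError("peer did not answer <proceed/>")
        ctx = ssl.create_default_context()  # verifies chain and hostname
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            return tls.cipher()

if __name__ == "__main__" and len(sys.argv) > 1:
    name, proto, bits = negotiated_cipher(sys.argv[1])
    weak = weak_parts(name)
    print(f"{sys.argv[1]}: {name} ({proto}, {bits} bits)",
          "weak: " + ", ".join(weak) if weak else "no weak markers")
```

Unlike the bot, this offers the local OpenSSL default suites, so it reports what an ordinary modern peer would negotiate rather than the weakest cipher the server accepts.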
