Unfortunately a majority of users use jodo.im or exploit.im, both servers that have particularly bad SSL configuration and do not support any forward secrecy ciphers. Jodo.im's SSL certificate is expired, it still supports SSLv3 and does not support TLS above v1. I already enforce PFS and these are the servers I have the most problems with. The strangest thing is that, as I understand, exploit.im is run by the exploit.in Russian hacking board and a big part of the users of those two servers are from those kinds of communities, when these are tech-savvy users that should know about these things, who are looking for and need secure communication platforms.

19:10, 12 September 2015, Mathias Ertl <[email protected]>:
Hi everybody,

Just a quick reminder, this is less than a month from now:

On 2015-07-10 11:47, Mathias Ertl wrote:

 We at jabber.at would like to announce that we will exclusively support
 forward secrecy[1] enabled ciphers starting *October 1st, 2015*. Servers
 that do not support any of those ciphers by then, will not be able to
 federate with us until they upgrade.

jabber.ccc.de does this already right now. So if your server does not
support PFS, this will only get worse. Test if you're ready:


 You can test if you're ready at https://xmpp.net. If you support any
 forward secrecy cipher, you are fine. If you use the versions of
 ejabberd and Prosody that ship with the current Debian Stable or Ubuntu
 LTS, you're fine as well. If you use e.g. Debian Squeeze, you definitely
 should update.

greetings, Mati


--
twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected]
I only read plain-text mail! I prefer signed/encrypted mail!




--
Sent from Yandex.Mail for mobile
