On 08/06/2015 09:51 AM, Alex Mandel wrote:
> On 08/06/2015 03:29 AM, Richard Duivenvoorde wrote:
>> Hi,
>>
>> FYI we updated the certificates for
>> hub.qgis.org
>> plugins.qgis.org
>>
>> While I was pretty sure we scored an A on
>> https://www.ssllabs.com/ssltest/index.html
>>
>> Now hub (on osgeo) scores a C, while plugins (qgis2) still scores an A...
>> both apache servers share the same config (but different versions of Apache)
>>
>
> Are you sure it's the same config? It might be just a few extra ciphers
> in the SSL config that should be disabled for known security reasons.
> The SSL lab test usually tells you exactly why you scored low.
>
Looking at the report I am correct, it's just some tweaks to be made to
the SSL config on apache. The newer sites don't have this issue because
the defaults on newer Debian versions are safer.

"
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
The server does not support Forward Secrecy with the reference browsers.
"

I'll try to make some fixes to it this weekend.

-Alex
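
Added example, not part of the original email or of the QGIS/OSGeo setup: a Python check that reads trimmed `openssl s_client` output and reports which of the three findings quoted from the SSL Labs report still show up after a config change. The probe output is constructed, and the 2048-bit DH threshold and the finding labels are assumptions of this example.

```python
import re

# Constructed sample: trimmed `openssl s_client` output from two probes of a
# hypothetical server (not captured from any host named in this thread).
SAMPLE_PROBES = [
    "Server Temp Key: DH, 1024 bits\n"
    "    Protocol  : TLSv1\n"
    "    Cipher    : DHE-RSA-AES256-SHA\n",
    "    Protocol  : TLSv1\n"
    "    Cipher    : AES128-SHA\n",
]
MIN_DH_BITS = 2048  # assumption: smaller DH groups count as weak
MODERN = {"TLSv1.2", "TLSv1.3"}


def parse_probe(text):
    """Pull protocol, cipher and ephemeral key details out of one s_client run."""
    def find(pattern):
        return re.search(pattern, text, re.MULTILINE)
    proto = find(r"^\s*Protocol\s*:\s*(\S+)")
    cipher = find(r"^\s*Cipher\s*:\s*(\S+)")
    key = find(r"^\s*Server Temp Key:\s*(\w+),.*?(\d+) bits")
    return {
        "protocol": proto.group(1) if proto else None,
        "cipher": cipher.group(1) if cipher else None,
        "kex": key.group(1) if key else None,
        "kex_bits": int(key.group(2)) if key else None,
    }


def findings(probes):
    """Return which of the three report findings the probes still show."""
    parsed = [parse_probe(p) for p in probes]
    out = []
    if any(p["kex"] == "DH" and p["kex_bits"] < MIN_DH_BITS for p in parsed):
        out.append("weak-dh")
    if not any(p["protocol"] in MODERN for p in parsed):
        out.append("no-tls1.2")
    # Forward secrecy needs an ephemeral (EC)DHE suite; TLS 1.3 suites always are.
    fs = [p for p in parsed if p["protocol"] == "TLSv1.3"
          or (p["cipher"] or "").startswith(("ECDHE-", "DHE-"))]
    if len(fs) < len(parsed):
        out.append("no-forward-secrecy-for-some-clients")
    return out


if __name__ == "__main__":
    print(findings(SAMPLE_PROBES))
```

Each probe is the output of one `openssl s_client` run with a different client cipher offer, so the forward-secrecy check covers clients that do not offer the same suites.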
