english: just a note in advance, to avoid reports by users: I am going to do some changes to the webserver in the next minutes, which includes restarting it. This needs testing, so don't worry if you get a connection problem or your browser complains about an SSL issue.
deutsch: nur eine kleine Vorwarnung um Fehlermeldungen zu vermeiden: Ich werde in den nächsten Minuten an unserem Webserver einige Änderungen vornehmen, wodurch Neustarts nötig sind. Die Änderungen müssen getestet werden, also wundert Euch bitte nicht, wenn es ein Verbindungsproblem gibt oder der Browser einen SSL-Fehler meldet. Danke und Grüsse, Manueö Am 30.06.2013 15:47, schrieb Manuel Schneider: > I just spent a day optimizing our SSL (encryption) capabilities on our > own servers. > There are now plenty of attacks against SSL around and also some tools > to audit the server's capabilities. > > After some testing (which involved a lot of server restarts) I am now > done, we reached the rating "A" for our server security (starting with > an "F" because we were vulnerable to two SSL attacks). Concerning > protocoll support we are even better than the WMF as we support the > newest encryption protocols TLSv1.1 and TLSv1.2. > For the sake of compatibility with older and mobile clients we still > support SSLv3. > Security is often contradictionary to client compatibility, so I hope we > are still fine. For security reasons we already redirect all traffic to > our main websites through SSL which means that we basically force all > our visitors to encrypt the traffic. > Should you become aware of any problems you know where they might come > from and please inform me. > > I will now also implement these changes to our other services based on > SSL, mainly SMTP and IMAP. -- Wikimedia CH - Verein zur Förderung Freien Wissens Lausanne, +41 (21) 34066-22 - www.wikimedia.ch _______________________________________________ http://wikimedia.ch Wikimedia CH website Wikimediach-l mailing list https://lists.wikimedia.org/mailman/listinfo/wikimediach-l
