sh.itjust.works Main Community

7705 readers

6 users here now

Home of the sh.itjust.works instance.

founded 1 year ago

MODERATORS

[email protected]

Please stop using TLS v1.0 and 1.1 (blog.qualys.com)

submitted 1 year ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 1 year ago (1 children)

I'll take a look at our configs tomorrow 👍

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Were we outdated? I see we're using TLS 1.3 right now, and at least the certificate was last created/renewed before this post (created July 16, post on Aug 6). I know that's not really a metric, but my browser at least has the minimum TLS version set to 3, so I would absolutely have noticed if SJW used anything older.

I guess it's possible we allowed older TLS versions, but at least the version I'm connecting with is completely fine.

[–] [email protected] 3 points 1 year ago (1 children)

What about TLS 1.2?

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Should still be good for now

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Not really, here's why:

weak ciphers
SCSV (protocol fallback)

That's why I didn't go for that thankless job.