war59312 - Wed, 2015/07/01 - 16:11
Hi,
Please Improve Security Of hub.turnkeylinux.org
See security report @ https://www.ssllabs.com/ssltest/analyze.html?d=hub.turnkeylinux.org
Ouch, A "C".
SSL 3, are you serious!! Ugh!
Please enable TLS 1.2 only.
Drop the weak RC4 keys.
Enable Robust Forward Secrecy.
And please enable Strict Transport Security (HSTS).
Thanks,
Will
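The four requests in the post above, written as a check over a server's advertised TLS settings. This is an added example, not part of the original post or TurnKey's code; the function names, the input shape and the sample values are constructed for illustration, and cipher names are assumed to be in OpenSSL style.

```python
import re

# Key-exchange prefixes that give forward secrecy in OpenSSL-style suite names.
# TLS 1.3 suites (TLS_*) always use ephemeral key exchange.
FS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if absent or malformed."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', value, re.I)
            return int(m.group(1)) if m else None
    return None


def audit_tls(protocols, ciphers, headers, allowed_protocols=("TLSv1.2",)):
    """Return a sorted list of findings for the four points raised in the post.

    allowed_protocols defaults to the post's "TLS 1.2 only" request (assumption:
    callers widen it themselves if they also accept newer versions).
    """
    findings = []
    for proto in protocols:
        if proto not in allowed_protocols:
            findings.append(f"protocol enabled: {proto}")
    for suite in ciphers:
        if "RC4" in suite.upper():
            findings.append(f"RC4 suite offered: {suite}")
        elif not suite.upper().startswith(FS_PREFIXES):
            findings.append(f"no forward secrecy: {suite}")
    age = hsts_max_age(headers)
    if age is None:
        findings.append("HSTS header missing")
    elif age == 0:
        # max-age=0 tells browsers to forget the policy, so it counts as off.
        findings.append("HSTS disabled (max-age=0)")
    return sorted(findings)


# Constructed sample inputs, not real scan results for any host.
WEAK = dict(protocols=["SSLv3", "TLSv1", "TLSv1.2"],
            ciphers=["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
            headers={"Content-Type": "text/html"})
HARDENED = dict(protocols=["TLSv1.2"],
                ciphers=["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"],
                headers={"strict-transport-security": "max-age=31536000; includeSubDomains"})

if __name__ == "__main__":
    print("weak:", audit_tls(**WEAK))
    print("hardened:", audit_tls(**HARDENED))
```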
Please note that these are POTENTIAL vulnerabilities
- A new SSLv3 vulnerability must be discovered
- A user must be using an old web browser (most current web browsers do not allow SSLv3 anymore anyway)
- The attacker must be targeting the user at the time that they access the Hub
To reiterate, I am not suggesting that the current situation is ideal, and we do intend to update it. But the system is not immediately vulnerable. So long as users use an up-to-date browser then the risk of anything bad happening is incredibly low... Also be aware that the Hub does not handle money or credit card details; obviously it's still not ideal, but it's not like your credit card could be stolen...