Opened 6 years ago

Closed 4 years ago

#11252 closed defect (fixed)

www.atagar.com only supports RC4 cipher

Reported by: atagar Owned by: atagar
Priority: Low Milestone:
Component: Core Tor/Nyx Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Arm's website is hosted on my domain. Recently-ish Dreamhost added SNI (Server Name Indication), allowing me to finally support TLS on their shared hosting. I just got a request for the domain to support better cyphers...

Hey

May I humbly suggest that you really update your SSL/TLS configuration
on atagar.com. You only support the RC4 cipher, which is considered
insecure and is at this point being phased out.

Look at the result here:
https://www.ssllabs.com/ssltest/analyze.html?d=atagar.com

Also, since you're directly linked from torproject.org you should set
a good example.

Search for 'Perfect forward secrecy apache' to find a good
configuration.

Hope this you'll have a look at it, thanks! :)

I'm not sure if this is an option with Dreamhost's setup, but I should take a peek.

Child Tickets

Change History (1)

comment:1 Changed 4 years ago by bugzilla

Resolution: fixed
Severity: Normal
Status: newclosed

Chain issues: Incorrect order

Note: See TracTickets for help on using tickets.