Signed SSL Certificate - Force SSL by default - Force Secure Ciphers


#1

Edit: Please Fuzzy, can we have SSL on all your services with a valid certificate? Including here on Peercointalk!

Please force the use of SSL by default and buy a valid and signed certificate. Also disable SSLv2 and SSLv3 and switch to High ciphers only.

https://www.ssllabs.com/ssltest/analyze.html?d=peercointalk.org&ignoreMismatch=on

Thank you.


#2

https://www.youtube.com/watch?v=Gas_sSB-5SU


#3

Bump!


#4

Let’s Encrypt - A Free Robotic Certificate Authority [31c3]

https://www.youtube.com/watch?v=OZyXx8Ie4pA


#5

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
Arriving Summer 2015


#6

bump!!!

This is making me sick.


#7

working on this and 1 step closer :slight_smile:

fuzzbear


#8

[quote=“FuzzyBear, post:7, topic:3084”]working on this and 1 step closer :slight_smile:

fuzzbear[/quote]

Fantastic news! :slight_smile:


#9

[quote=“FuzzyBear, post:7, topic:3084”]working on this and 1 step closer :slight_smile:

fuzzbear[/quote]

yay!


#10

https://blog.cloudflare.com/introducing-universal-ssl/


#11

https://www.peercointalk.org/

but we have an F grade rating :frowning: https://www.ssllabs.com/ssltest/analyze.html?d=peercointalk.org

happy for any advice or pointers here on how to improve

Fuzzybear


#12

[quote=“FuzzyBear, post:11, topic:3084”]https://www.peercointalk.org/

but we have an F grade rating :frowning: https://www.ssllabs.com/ssltest/analyze.html?d=peercointalk.org

happy for any advice or pointers here on how to improve

Fuzzybear[/quote]

That’s because you are surpporting SSL v2 (vulnerable to POODLE attack), SSL v3 and weak ciphers + other little things as described.

Since you are using Microsoft-IIS/7.5, you can execute the following PowerShell script to get grade A: https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 (Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2)


#13

[quote=“Thireus, post:12, topic:3084”][quote=“FuzzyBear, post:11, topic:3084”]https://www.peercointalk.org/

but we have an F grade rating :frowning: https://www.ssllabs.com/ssltest/analyze.html?d=peercointalk.org

happy for any advice or pointers here on how to improve

Fuzzybear[/quote]

That’s because you are surpporting SSL v2 (vulnerable to POODLE attack), SSL v3 and weak ciphers + other little things as described.

Since you are using Microsoft-IIS/7.5, you can execute the following PowerShell script to get grade A: https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 (Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2)[/quote]

Awesome help Thireus many thanks… happy to report:


#14

Awesome!!

:dance: :dance: :dance:

FYI, https://peercointalk.org/ doesn’t work properly, but https://www.peercointalk.org/ is fine. Smiley are loaded from http://www.ppcointalk.org --> they should be hosted here, so they don’t break FULL SSL!

Subdomains are not being redirected to their proper vhost: i.e. https://services.peercointalk.org


#15

[quote=“Thireus, post:14, topic:3084”]Awesome!!

:dance: :dance: :dance:

FYI, https://peercointalk.org/ doesn’t work properly, but https://www.peercointalk.org/ is fine. Smiley are loaded from http://www.ppcointalk.org --> they should be hosted here, so they don’t break FULL SSL!

Subdomains are not being redirected to their proper vhost: i.e. https://services.peercointalk.org[/quote]

Smiley’s fixed

looking at the subdomains and root domain

Fuzzybear