Signed SSL Certificate - Force SSL by default - Force Secure Ciphers

Thireus · November 20, 2014, 2:29pm

Edit: Please Fuzzy, can we have SSL on all your services with a valid certificate? Including here on Peercointalk!

Please force the use of SSL by default and buy a valid and signed certificate. Also disable SSLv2 and SSLv3 and switch to High ciphers only.

Thank you.

sandakersmann · November 20, 2014, 8:00pm

Thireus · December 30, 2014, 4:07pm

Bump!

sandakersmann · January 2, 2015, 6:06am

Let’s Encrypt - A Free Robotic Certificate Authority [31c3]

thehuntergames · January 2, 2015, 8:16am

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
Arriving Summer 2015

Thireus · January 17, 2015, 1:54pm

bump!!!

This is making me sick.

Fuzzybear · January 27, 2015, 11:48pm

working on this and 1 step closer

fuzzbear

sandakersmann · January 28, 2015, 12:00am

[quote=“FuzzyBear, post:7, topic:3084”]working on this and 1 step closer

fuzzbear[/quote]

Fantastic news!

Thireus · January 28, 2015, 5:15am

[quote=“FuzzyBear, post:7, topic:3084”]working on this and 1 step closer

fuzzbear[/quote]

yay!

irritant · January 28, 2015, 6:47am

Fuzzybear · March 2, 2015, 11:13pm

happy for any advice or pointers here on how to improve

Fuzzybear

Thireus · March 3, 2015, 6:01am

[quote=“FuzzyBear, post:11, topic:3084”]https://www.peercointalk.org/

happy for any advice or pointers here on how to improve

Fuzzybear[/quote]

That’s because you are surpporting SSL v2 (vulnerable to POODLE attack), SSL v3 and weak ciphers + other little things as described.

Since you are using Microsoft-IIS/7.5, you can execute the following PowerShell script to get grade A: https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 (Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2)

Fuzzybear · March 3, 2015, 3:46pm

[quote=“Thireus, post:12, topic:3084”][quote=“FuzzyBear, post:11, topic:3084”]https://www.peercointalk.org/

happy for any advice or pointers here on how to improve

Fuzzybear[/quote]

That’s because you are surpporting SSL v2 (vulnerable to POODLE attack), SSL v3 and weak ciphers + other little things as described.

Since you are using Microsoft-IIS/7.5, you can execute the following PowerShell script to get grade A: https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 (Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2)[/quote]

Awesome help Thireus many thanks… happy to report:

Thireus · March 3, 2015, 3:48pm

Awesome!!

:dance: :dance: :dance:

FYI, https://peercointalk.org/ doesn’t work properly, but https://www.peercointalk.org/ is fine. Smiley are loaded from http://www.ppcointalk.org --> they should be hosted here, so they don’t break FULL SSL!

Subdomains are not being redirected to their proper vhost: i.e. https://services.peercointalk.org

Fuzzybear · March 3, 2015, 6:01pm

[quote=“Thireus, post:14, topic:3084”]Awesome!!

:dance: :dance: :dance:

FYI, https://peercointalk.org/ doesn’t work properly, but https://www.peercointalk.org/ is fine. Smiley are loaded from http://www.ppcointalk.org --> they should be hosted here, so they don’t break FULL SSL!

Subdomains are not being redirected to their proper vhost: i.e. https://services.peercointalk.org[/quote]

Smiley’s fixed

looking at the subdomains and root domain

Fuzzybear