[Gluster-infra] www.gluster.org attackable by little evil dogs?
Justin Clift
justin at gluster.org
Fri Oct 17 16:44:21 UTC 2014
----- Original Message -----
> Le jeudi 16 octobre 2014 à 18:58 -0400, Justin Clift a écrit :
> > Looking at this:
> >
> > https://www.ssllabs.com/ssltest/analyze.html?d=gluster.org
> >
> > It's saying www.gluster.org is still vulnerable to the POODLE
> > attack.
> >
> > Did we forget to restart the webserver or ?
>
> Conflicting directive in another file. Should be fixed now.
Thanks Misc, yep that worked. We're getting an A- now instead of a C
grade. It's listing two other minor problems, but they don't seem
like something we need to take immediate action over:
* Certificate uses SHA1. When renewing, ensure you upgrade to SHA256.
https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know
* The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.
https://en.wikipedia.org/wiki/Forward_secrecy
Regards and best wishes,
Justin Clift
--
GlusterFS - http://www.gluster.org
An open source, distributed file system scaling to several
petabytes, and handling thousands of clients.
My personal twitter: twitter.com/realjustinclift
More information about the Gluster-infra
mailing list