[Gluster-infra] www.gluster.org attackable by little evil dogs?
mscherer at redhat.com
Fri Oct 17 19:09:43 UTC 2014
On Friday 17 October 2014 at 12:44 -0400, Justin Clift wrote:
> ----- Original Message -----
> > On Thursday 16 October 2014 at 18:58 -0400, Justin Clift wrote:
> > > Looking at this:
> > >
> > > https://www.ssllabs.com/ssltest/analyze.html?d=gluster.org
> > >
> > > It's saying www.gluster.org is still vulnerable to the POODLE
> > > attack.
> > >
> > > Did we forget to restart the webserver or ?
> > Conflicting directive in another file. Should be fixed now.
> Thanks Misc, yep that worked. We're getting an A- now instead of a C
> grade. It's listing two other minor problems, but they don't seem
> like something we need to take immediate action over:
> * Certificate uses SHA1. When renewing, ensure you upgrade to SHA256.
We have to wait until the renewal I guess.
> * The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.
We would need to select a few different ciphers. I think cleaning the
vhost should be sufficient, because there are for now 2 https vhosts with
custom settings, and I think by default, we would get PFS with newer
RHEL. But that's not urgent either.
Open Source and Standards, Sysadmin
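The failure mode in this thread (a protocol directive fixed in one file while another file still carries a conflicting one) can be checked for before re-running an external scan. The following is an added example, not part of the original message or the Gluster configuration; it assumes Apache httpd with mod_ssl and its `SSLProtocol` directive, and the file names and contents are constructed.

```python
import re

# Assumption: "all" still includes SSLv3, as it did on 2014-era builds.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate one SSLProtocol argument list left to right."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        if name.lower() == "all":
            group = set(ALL)
        else:
            # Unknown or retired names (e.g. SSLv2) map to the empty set.
            group = {p for p in ALL if p.lower() == name.lower()}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces what came before
    return enabled

def audit(configs):
    """configs maps path -> file text.
    Returns (path, line number, arguments, allows_sslv3) per directive."""
    findings = []
    for path, text in sorted(configs.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)  # commented-out lines do not match
            if m:
                allows = "SSLv3" in effective_protocols(m.group(1))
                findings.append((path, lineno, m.group(1), allows))
    return findings

def conflicting(findings):
    """True when the files disagree on whether SSLv3 is allowed."""
    return len({f[3] for f in findings}) > 1

# Constructed sample: the global file is fixed, a vhost file is not.
SAMPLE = {
    "conf.d/ssl.conf": "Listen 443\nSSLProtocol all -SSLv3\n",
    "conf.d/www-vhost.conf": "<VirtualHost *:443>\n  SSLEngine on\n"
                             "  SSLProtocol all -SSLv2\n</VirtualHost>\n",
}

if __name__ == "__main__":
    for path, lineno, args, allows in audit(SAMPLE):
        state = "ALLOWS SSLv3" if allows else "ok"
        print(f"{path}:{lineno}: SSLProtocol {args} -> {state}")
```

To audit a real tree, read every file pulled in by the server's `Include` lines into the `configs` mapping; any directive reported as allowing SSLv3 needs the same fix as the global one.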