[Gluster-infra] www.gluster.org attackable by little evil dogs?

Michael Scherer mscherer at redhat.com
Fri Oct 17 19:09:43 UTC 2014


On Friday 17 October 2014 at 12:44 -0400, Justin Clift wrote:
> ----- Original Message -----
> > On Thursday 16 October 2014 at 18:58 -0400, Justin Clift wrote:
> > > Looking at this:
> > > 
> > >   https://www.ssllabs.com/ssltest/analyze.html?d=gluster.org
> > > 
> > > It's saying www.gluster.org is still vulnerable to the POODLE
> > > attack.
> > > 
> > > Did we forget to restart the webserver or ?
> > 
> > Conflicting directive in another file. Should be fixed now.
> 
> Thanks Misc, yep that worked.  We're getting an A- now instead of a C
> grade.  It's listing two other minor problems, but they don't seem
> like something we need to take immediate action over:
> 
>   * Certificate uses SHA1. When renewing, ensure you upgrade to SHA256.
> 
>     https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know

We have to wait until the renewal I guess.

>   * The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.
> 
>     https://en.wikipedia.org/wiki/Forward_secrecy

We would need to select a few different ciphers. I think cleaning the
vhost should be sufficient, because for now there are two https vhosts with
custom settings, and I think by default we would get PFS with newer
RHEL. But that's not urgent either.
-- 
Michael Scherer
Open Source and Standards, Sysadmin
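As an added illustration of the two problems in this thread (an SSLProtocol line in a second file that silently re-enables SSLv3, and a cipher list that does not put ECDHE/DHE suites first), here is a small audit script for Apache httpd SSL directives. It is example code written for this page, not Gluster infrastructure code; the two config snippets at the bottom are constructed (the vhost name www.example.org and the file paths are made up), and the meaning of the "all" shortcut is assumed from the mod_ssl 2.4 documentation of the time.

```python
"""
Audit Apache httpd SSL configuration fragments for the two SSL Labs
findings discussed in the thread: SSLv3 still enabled (POODLE) and a
cipher list that does not prefer forward-secrecy (ECDHE/DHE) suites.
Added example; the sample files below are constructed, not real configs.
"""
from collections import namedtuple

Directive = namedtuple("Directive", "file lineno name value")

# What the "all" shortcut in SSLProtocol means for httpd 2.4 on OpenSSL 1.0.1
# (assumption taken from the mod_ssl docs of the time; SSLv2 is not in "all").
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
SSL_DIRECTIVES = ("SSLProtocol", "SSLCipherSuite", "SSLHonorCipherOrder")
# Cipher-spec keywords whose key exchange is ephemeral (EC)DH, i.e. gives PFS.
PFS_MARKERS = ("ECDHE", "EECDH", "DHE", "EDH")


def parse_directives(filename, text):
    """Return the SSL-related directives in one config file, comments skipped."""
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in SSL_DIRECTIVES:
            found.append(Directive(filename, lineno, parts[0], parts[1].strip()))
    return found


def enabled_protocols(value):
    """Resolve an SSLProtocol value such as "all -SSLv2 -SSLv3" to the set it enables."""
    enabled = set()
    for token in value.split():
        op, name = (token[0], token[1:]) if token[0] in "+-" else ("+", token)
        names = ALL_PROTOCOLS if name.lower() == "all" else (name,)
        for n in names:
            if op == "+":
                enabled.add(n)
            else:
                enabled.discard(n)
    return enabled


def prefers_pfs(cipher_spec):
    """Heuristic: the first positive entry of the cipher list must be a PFS keyword.
    `openssl ciphers -v '<spec>'` is the authoritative way to see the expanded list."""
    positive = [t for t in cipher_spec.split(":") if t and t[0] not in "!-"]
    return bool(positive) and any(m in positive[0].upper() for m in PFS_MARKERS)


def audit(files):
    """files: {filename: contents}. Returns a list of human-readable findings."""
    directives = [d for name, text in files.items() for d in parse_directives(name, text)]
    findings = []
    protocol_sites = [d for d in directives if d.name == "SSLProtocol"]
    for d in protocol_sites:
        if "SSLv3" in enabled_protocols(d.value):
            findings.append(f"{d.file}:{d.lineno}: SSLProtocol '{d.value}' still allows SSLv3 (POODLE)")
    if len(protocol_sites) > 1:
        where = ", ".join(f"{d.file}:{d.lineno}" for d in protocol_sites)
        findings.append(f"SSLProtocol is set in {len(protocol_sites)} places ({where}); "
                        "a vhost-level value overrides the global one, so check the one that applies")
    for d in directives:
        if d.name == "SSLCipherSuite" and not prefers_pfs(d.value):
            findings.append(f"{d.file}:{d.lineno}: SSLCipherSuite '{d.value}' does not put an ECDHE/DHE suite first")
    if not any(d.name == "SSLHonorCipherOrder" and d.value.lower() == "on" for d in directives):
        findings.append("SSLHonorCipherOrder is not 'on': the client, not the server, picks the cipher")
    return findings


# Constructed sample: a global ssl.conf that was already fixed, plus a vhost file
# that still carries its own older SSLProtocol line (the "conflicting directive
# in another file" situation from the thread).
SAMPLE_FILES = {
    "conf.d/ssl.conf": """
# global defaults, already fixed for POODLE
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
""",
    "conf.d/www.example.org.conf": """
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    # older per-vhost setting; overrides ssl.conf for this host, so SSLv3 is back
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
</VirtualHost>
""",
}

if __name__ == "__main__":
    for line in audit(SAMPLE_FILES):
        print(line)
```

Run it against the real conf.d directory by reading each file into the dict; the cipher check is only a first-pass heuristic on the spec string, so confirm the expanded order with `openssl ciphers -v` before trusting a clean result.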