9

Please stop using TLS v1.0 and 1.1(blog.qualys.com)

posted
by
Avatar
xaera@sh.itjust.works
in
Avatar
main@sh.itjust.works
5 comments
hidereport
Sort:
HotTopControversialNewOld
Avatar
biela@sh.itjust.worksM
4 points

I’ll take a look at our configs tomorrow 👍

permalink
report
reply
Avatar
sugar_in_your_tea@sh.itjust.works
1 point
*

Were we outdated? I see we’re using TLS 1.3 right now, and at least the certificate was last created/renewed before this post (created July 16, post on Aug 6). I know that’s not really a metric, but my browser at least has the minimum TLS version set to 3, so I would absolutely have noticed if SJW used anything older.

I guess it’s possible we allowed older TLS versions, but at least the version I’m connecting with is completely fine.

permalink
report
parent
reply
Avatar
My Password Is 1234@lemmy.world
3 points

What about TLS 1.2?

permalink
report
reply
Avatar
pastermil@sh.itjust.works
4 points
*

Should still be good for now

permalink
report
parent
reply
Avatar
xaera@sh.itjust.worksOP
2 points
*

Not really, here’s why:

  • weak ciphers
  • SCSV (protocol fallback)

That’s why I didn’t go for that thankless job.

permalink
report
parent
reply

sh.itjust.works Main Community

!main@sh.itjust.works

Create post

Home of the sh.itjust.works instance.

Community stats

  • 866

    Monthly active users

  • 433

    Posts

  • 11K

    Comments

Community moderators