On Friday, 21 August 2015, 13:19:57, Christoffer Holmstedt wrote:
2015-08-21 11:17 GMT+02:00 Tobias Ellinghaus <houz@...173...>:
Hello,
I hope that someone feeling responsible for the Inkscape website is reading this. Would it be possible to change the SSL used by inkscape.org to offer something modern and maybe disable old and weak cyphers? I have disabled the broken ones in my browser and can't reach the website any more. See [0] for details.
Tobias
[0] https://www.ssllabs.com/ssltest/analyze.html?d=inkscape.org&hideResults=... n
Hi Tobias,
Can you be a bit more specific? Which cipher suites have you disabled because they are broken?
The SSL Labs report you link to gives an A grade and only A+ is better (usually requires HSTS and extra features for top score). The report clearly states that suitable connections can be made with TLS 1.2, 1.1 and 1.0. Downgrade to SSLv3 is not possible which is also good.
This is really strange, when I last checked a few days ago this was definitely different. However, you are only providing DHE_RSA variants, which are potentially harmed by the latest Diffie-Hellman issues (your 2048-bit key should be fine though). Could you maybe add some ECDHE_RSA?
https://weakdh.org/sysadmin.html
Regards
Thanks in advance
Tobias
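The situation discussed in this thread (a server offering only DHE_RSA suites and a client with a trimmed suite list) can be modelled offline; the following is an added example, not part of the original e-mails. Both suite lists are constructed sample data, since the thread does not list the suites inkscape.org offered or the ones Tobias disabled, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample data (assumption): a DHE_RSA-only server.
SERVER_OFFERED = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
# Constructed sample data (assumption): a client with finite-field DHE disabled.
CLIENT_ENABLED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

def key_exchange(suite):
    """Key-exchange/auth part of an IANA TLS 1.0-1.2 suite name, e.g. DHE_RSA."""
    head = suite.split("_WITH_", 1)[0]
    return head[len("TLS_"):]

def negotiate(server, client, server_preference=True):
    """Suite a TLS <= 1.2 handshake would select, or None if there is no overlap."""
    ordered, other = (server, client) if server_preference else (client, server)
    allowed = set(other)
    return next((s for s in ordered if s in allowed), None)

def audit(server):
    """Count suites per key exchange and list findings for the server operator."""
    kx = Counter(key_exchange(s) for s in server)
    findings = []
    if not any(k.startswith("ECDHE") for k in kx):
        findings.append("no ECDHE suites: clients without finite-field DHE cannot connect")
    if any(k.startswith("DHE") for k in kx):
        findings.append("DHE offered: use a unique DH group of 2048 bits or more")
    if any(not k.startswith(("DHE", "ECDHE")) for k in kx):
        findings.append("static key exchange offered: no forward secrecy")
    return dict(kx), findings

if __name__ == "__main__":
    print("negotiated:", negotiate(SERVER_OFFERED, CLIENT_ENABLED))
    counts, findings = audit(SERVER_OFFERED)
    print(counts)
    for f in findings:
        print("-", f)
```

With an ECDHE_RSA suite appended to the server list, `negotiate` returns that suite for the same client, which is the change requested in the thread.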