2015-08-21 11:17 GMT+02:00 Tobias Ellinghaus <houz@...173...>: > Hello, > > I hope that someone feeling responsible for the Inkscape website is > reading > this. Would it be possible to change the SSL used by inkscape.org to offer > something modern and maybe disable old and weak cyphers? I have disabled > the broken ones in my browser and can't reach the website any more. See > [0] for details. > > Tobias > > [0] > https://www.ssllabs.com/ssltest/analyze.html?d=inkscape.org&hideResul... > n Hi Tobias Can you be a bit more specific? Which cipher suites have you disabled because they are broken? The SSL Labs report you link to gives an A grade and only A+ is better (usually requires HSTS and extra features for top score). The report clearly state that suitable connections can be made with TLS 1.2, 1.1 and 1.0. Downgrade to SSLv3 is not possible which is also good.

Regards

On Fri, 2015-08-21 at 16:12 +0200, Tobias Ellinghaus wrote: > > The SSL Labs report you link to gives an A grade and only A+ is > > better > > > (usually requires HSTS and extra features for top score). The report > > clearly state that suitable connections can be made with TLS 1.2, > > 1.1 > > > and 1.0. Downgrade to SSLv3 is not possible which is also good. > > This is really strange, when I last checked a few days ago this was > definitely > different. However, you are only providing DHE_RSA variants, which is > potentially harmed by the latest Diffie Hellmann issues (your 2048 bit > key > should be fine though). Could you maybe add some ECDHE_RSA? Please try again now. The new set has taken our score down a notch, but if it makes it work for more people I'm happy to keep a lower score.

Martin,