9
Please stop using TLS v1.0 and 1.1 (blog.qualys.com)
submitted 1 year ago by xaera@sh.itjust.works to c/main@sh.itjust.works
5 comments fedilink hide all child comments
top 5 comments
sorted by: hot top controversial new old
[-] biela@sh.itjust.works 4 points 1 year ago

I'll take a look at our configs tomorrow ๐Ÿ‘

[-] sugar_in_your_tea@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

Were we outdated? I see we're using TLS 1.3 right now, and at least the certificate was last created/renewed before this post (created July 16, post on Aug 6). I know that's not really a metric, but my browser at least has the minimum TLS version set to 3, so I would absolutely have noticed if SJW used anything older.

I guess it's possible we allowed older TLS versions, but at least the version I'm connecting with is completely fine.

[-] mypasswordis1234@lemmy.world 3 points 1 year ago

What about TLS 1.2?

[-] pastermil@sh.itjust.works 4 points 1 year ago* (last edited 1 year ago)

Should still be good for now

[-] xaera@sh.itjust.works 2 points 1 year ago* (last edited 1 year ago)

Not really, here's why:

  • weak ciphers
  • SCSV (protocol fallback)

That's why I didn't go for that thankless job.

this post was submitted on 07 Aug 2023
9 points (80.0% liked)

sh.itjust.works Main Community

7585 readers
3 users here now

Home of the sh.itjust.works instance.

Matrix

founded 1 year ago
MODERATORS
TheDude@sh.itjust.works
manifex@sh.itjust.works
biela@sh.itjust.works
imaqtpie@sh.itjust.works