Forum HTTPS connections still vulnerable
_RiO_
Posts: 1,047 Chairperson of the Boards
Well, I certainly was happy to see that the forums are now operated over HTTPS instead of plaintext.
However, I quickly ran the site through the free testing facilities of SSL Labs and lo and behold;
Looks like a bit more work is needed...
However, I quickly ran the site through the free testing facilities of SSL Labs and lo and behold;
- The server supports weak Diffie-Hellman key exchanges, which opens connections up to the Logjam exploit.
- The server continues to support the SSL 3 protocol, which opens connections up to a POODLE attack.
- The server continues to support the RC4 cipher, which has known vulnerabilities.
- The server has one or more weak and breakable SHA-1 signed certificates in its certificate chain; it should be using SHA-2 up the entire chain.
(This one will actually have to be solved by 2016, as all major browsers are going to actively block connections that use a SHA-1 signed certificate as part of the chain.)
Looks like a bit more work is needed...
0
Comments
Categories
- All Categories
- 44.9K Marvel Puzzle Quest
- 1.5K MPQ News and Announcements
- 20.3K MPQ General Discussion
- 3K MPQ Tips and Guides
- 2K MPQ Character Discussion
- 171 MPQ Supports Discussion
- 2.5K MPQ Events, Tournaments, and Missions
- 2.8K MPQ Alliances
- 6.3K MPQ Suggestions and Feedback
- 6.2K MPQ Bugs and Technical Issues
- 13.7K Magic: The Gathering - Puzzle Quest
- 508 MtGPQ News & Announcements
- 5.4K MtGPQ General Discussion
- 99 MtGPQ Tips & Guides
- 424 MtGPQ Deck Strategy & Planeswalker Discussion
- 300 MtGPQ Events
- 60 MtGPQ Coalitions
- 1.2K MtGPQ Suggestions & Feedback
- 5.7K MtGPQ Bugs & Technical Issues
- 548 Other 505 Go Inc. Games
- 21 Puzzle Quest: The Legend Returns
- 5 Adventure Gnome
- 6 Word Designer: Country Home
- 381 Other Games
- 142 General Discussion
- 239 Off Topic
- 7 505 Go Inc. Forum Rules
- 7 Forum Rules and Site Announcements