updating TLS cert on tahoe-lafs.org
Brian Warner
warner at lothar.com
Fri Nov 14 18:40:00 UTC 2014
I'm about to update the TLS cert on https://tahoe-lafs.org. The new
cert is slightly different from the old one:
* issued by GANDI (chain is UserTrust->GANDI->tahoe), not GlobalSign
* sig is sha256WithRSAEncryption (no more SHA1, yay)
In addition, I'm going to disable SSL3 on our server: it's time for it
to die (and this blocks the POODLE attack). According to the Qualys
ssllabs.com SSL Server Test, this will cause users of IE6 on WinXP to
fail to connect.
I'm also tempted to disable TLS_RSA_WITH_3DES_EDE_CBC_SHA, which is the
only remaining non-forward-secure cipher suite we accept. This would
cost us IE8-on-WinXP (but IE8 on Win7 could still connect), but should
prevent an attacker from downgrading the connection to a non-FS mode.
The ssllabs.com test page suggests that our forward-security is "ROBUST"
even with this suite enabled, but I'm not sure why (is there a separate
signaling mechanism these days that an active attacker couldn't block so
easily?). Any thoughts?
Please let me know (via email) if you see any problems or have trouble
getting your browser to validate the site after the upgrade.
cheers,
-Brian
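The two server-side changes discussed above (refusing SSL 3.0, and dropping the one suite whose key exchange is static RSA and so has no forward secrecy) can be checked mechanically before they go live. The following is an added example, not code from the original post or from the tahoe-lafs project: it builds the configuration with Python's `ssl` module on top of OpenSSL rather than editing a real web-server config, so it runs offline. The cipher strings, the `server_context`/`audit` helpers and the `AES128-SHA` stand-in for the 3DES suite (which current OpenSSL builds no longer enable by default) are all constructed for the example. It also turns on server cipher preference, which is what lets a scanner report forward secrecy as robust even when a static-RSA suite is still enabled: a client that offers any ECDHE suite is steered onto it by the server's ordering.

```python
"""Audit a TLS server configuration for two properties:
SSL 3.0 refused, and no enabled cipher suite without forward secrecy.

Added example (not from the tahoe-lafs project or the original mail).
Uses Python's ssl module (OpenSSL underneath) so it runs offline."""
import ssl

# Key-exchange families that give forward secrecy: an ephemeral (EC)DH
# secret per connection, so a later compromise of the server's RSA key
# does not expose recorded traffic.  Static RSA ("kx-rsa") does not.
FORWARD_SECRET_KEX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk"}

# Constructed cipher strings in OpenSSL syntax.  AES128-SHA is
# TLS_RSA_WITH_AES_128_CBC_SHA: static RSA key exchange, no forward
# secrecy.  It stands in for TLS_RSA_WITH_3DES_EDE_CBC_SHA, which current
# OpenSSL builds do not enable without a special build flag.
PERMISSIVE_CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA"
FORWARD_SECRET_ONLY = "ECDHE+AESGCM:DHE+AESGCM"


def server_context(cipher_string, minimum=ssl.TLSVersion.TLSv1_2):
    """Build a server-side context.  `minimum` is the lowest protocol
    version accepted; TLS 1.2 means SSL 3.0, TLS 1.0 and 1.1 are refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = minimum
    ctx.set_ciphers(cipher_string)
    # Let the server's order win: a client offering both a forward-secret
    # and a static-RSA suite is steered to the forward-secret one.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def audit(ctx):
    """Report the protocol floor and which enabled suites lack forward
    secrecy.  TLS 1.3 suites are listed by OpenSSL with kea 'kx-any' and
    always use ephemeral (EC)DH, so they are never flagged."""
    enabled, non_fs = [], []
    for suite in ctx.get_ciphers():
        enabled.append(suite["name"])
        if suite["protocol"] == "TLSv1.3":
            continue
        if suite["kea"] not in FORWARD_SECRET_KEX:
            non_fs.append(suite["name"])
    return {
        # A floor of TLS 1.0 or higher means an SSL 3.0 ClientHello is
        # rejected outright, which is what blocks POODLE on the server side.
        "sslv3_disabled": ctx.minimum_version >= ssl.TLSVersion.TLSv1,
        "enabled": enabled,
        "non_forward_secret": non_fs,
    }


def audit_cipher_string(cipher_string):
    """Convenience wrapper: build the context and audit it in one step."""
    return audit(server_context(cipher_string))


if __name__ == "__main__":
    for label, spec in (("permissive", PERMISSIVE_CIPHERS),
                        ("forward-secret only", FORWARD_SECRET_ONLY)):
        report = audit_cipher_string(spec)
        print(f"{label}: SSLv3 disabled={report['sslv3_disabled']}, "
              f"non-FS suites={report['non_forward_secret']}")
```

Run it directly to see the permissive string flagged for `AES128-SHA` and the forward-secret-only string come back clean; the same `audit` function can be pointed at any `SSLContext` a Python service actually uses, which is a cheaper regression check than re-running an external scanner after every config change.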