[tor-bugs] #11252 [arm]: www.atagar.com only supports RC4 cipher
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 20 16:20:30 UTC 2014
#11252: www.atagar.com only supports RC4 cipher
--------------------+------------------------
Reporter: atagar | Owner: atagar
Type: defect | Status: new
Priority: minor | Milestone:
Component: arm | Version:
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+------------------------
[http://www.atagar.com/arm Arm's website] is hosted on my domain.
Recently-ish Dreamhost added SNI (Server Name Indication), allowing me to
**finally** support TLS on their shared hosting. I just got a request for
the domain to support better cyphers...
{{{
Hey
May I humbly suggest that you really update your SSL/TLS configuration
on atagar.com. You only support the RC4 cipher, which is considered
insecure and is at this point being phased out.
Look at the result here:
https://www.ssllabs.com/ssltest/analyze.html?d=atagar.com
Also, since you're directly linked from torproject.org you should set
a good example.
Search for 'Perfect forward secrecy apache' to find a good
configuration.
Hope this you'll have a look at it, thanks! :)
}}}
I'm not sure if this is an option with Dreamhost's setup, but I should
take a peek.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11252>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list