[Operators] S2S problems
Matthew Wild
mwild1 at gmail.com
Fri Sep 13 13:00:59 UTC 2013
On 13 September 2013 12:45, Solomon Peachy <pizza at shaftnet.org> wrote:
> On Fri, Sep 13, 2013 at 09:25:15AM +0200, Torsten Reichard wrote:
>> Hey Peter,
>>
>> seems to be good.
>
> Out of curiosity, what are you using to run these tests? I'd like to
> validate that I have my certs set up properly, but nobody on my roster
> is on a server that supports encrypted S2S. (Just in case, I have it
> set up to be as permissive as possible when it comes to cert validation)
>
> I'm pretty sure my C2S stuff is set up properly -- None of the
> clients I use complain about the cert/cachain I'm using.
>
> (shaftnet.org, running jabberd2 with external authentication)

We have a handy bot in the Prosody chatroom to check certificates over
s2s. I'm pleased to inform you that:

13:55:29 MattJ> -certinfo shaftnet.org
13:55:34 Bunneh> MattJ: shaftnet.org has a valid certificate issued by Gandi Standard SSL CA

but:

13:56:50 MattJ> -cipher shaftnet.org
13:56:50 Bunneh> MattJ: Connection to shaftnet.org uses cipher RC4-MD5

RC4 isn't very highly regarded nowadays, as multiple issues have been
found with its security[1]. Note that the bot's server intentionally
negotiates the weakest cipher you support, so it might not be anything
to lose sleep over :)

Regards,
Matthew

[1]: https://en.wikipedia.org/wiki/RC4#Security
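
For operators without access to such a bot, the same two checks (certificate validity and negotiated cipher over s2s) can be scripted. This is an added example, not part of the original post and not the bot's code; the function names, the `host` parameter (pass the SRV target yourself, since the standard library does no SRV lookup) and the domains in the usage line are assumptions.

```python
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
# Markers in OpenSSL cipher names that indicate weak algorithms.
WEAK = ("RC4", "MD5", "DES", "NULL", "EXP", "ADH", "AECDH")

def stream_open(domain, origin):
    """Opening header of a server-to-server (jabber:server) stream."""
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
            "xmlns:stream='http://etherx.jabber.org/streams' "
            f"to='{domain}' from='{origin}' version='1.0'>")

def weak_parts(cipher):
    """Weak algorithm markers present in a cipher name such as RC4-MD5."""
    parts = cipher.upper().replace("_", "-").split("-")
    return [m for m in WEAK if m in parts]

def read_until(sock, marker, limit=65536):
    """Read plaintext stream data until marker appears."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError(f"no {marker!r} from peer")
        buf += chunk
    return buf

def probe(domain, origin, host=None, port=5269, timeout=10):
    """STARTTLS on the s2s port, verify the cert, report the cipher."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host or domain, port), timeout=timeout) as raw:
        raw.sendall(stream_open(domain, origin).encode())
        features = read_until(raw, b"</stream:features>")
        if TLS_NS.encode() not in features:
            raise RuntimeError("STARTTLS not offered on s2s")
        raw.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
        read_until(raw, b"<proceed")
        # Certificate is checked against the XMPP domain, not the SRV target.
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            name, protocol, _bits = tls.cipher()
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {"cipher": name, "protocol": protocol,
                    "weak": weak_parts(name),
                    "issuer": issuer.get("commonName")}

if __name__ == "__main__":
    # Constructed placeholder names; substitute your own domains.
    print(probe("example.org", "checker.example.net"))
```

Unlike the bot, this probe does not try to negotiate the weakest cipher: it reports what a client with current library defaults ends up with, and a certificate that fails validation raises `ssl.SSLCertVerificationError` instead of returning a result.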