[Operators] S2S problems
Solomon Peachy
pizza at shaftnet.org
Fri Sep 13 19:46:55 UTC 2013
On Fri, Sep 13, 2013 at 02:00:59PM +0100, Matthew Wild wrote:
> We have a handy bot in the Prosody chatroom to check certificates over
> s2s. I'm pleased to inform you that:
>
> 13:55:29 MattJ> -certinfo shaftnet.org
> 13:55:34 Bunneh> MattJ: shaftnet.org has a valid certificate issued
> by Gandi Standard SSL CA
Excellent!
> but:
>
> 13:56:50 MattJ> -cipher shaftnet.org
> 13:56:50 Bunneh> MattJ: Connection to shaftnet.org uses cipher RC4-MD5
Eww.
> RC4 isn't very highly regarded nowadays, as multiple issues have been
> found with its security[1]. Note that the bot's server intentionally
> negotiates the weakest cipher you support, so it might not be anything
> to lose sleep over :)
This is actually a big part of what I was curious about. jabberd2's set
of ciphers isn't configurable (defaults to ALL:!LOW:!SSLv2:!EXP:!aNULL)
so I was curious as to what that translated to on the wire, so to speak.
I wonder if there's any risk of losing interop if I disable RC4-*..
Thanks for running this test for me.
- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Delray Beach, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum viditur.
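
An added example, not part of the original message and not jabberd2 code: it expands the cipher string quoted above with Python's `ssl` module and lists any RC4 or MD5-MAC suites in the result. The `WITHOUT_RC4_MD5` string and the function names are assumptions made for illustration, and the output depends on the local OpenSSL build (recent builds no longer ship RC4, so the 2013 result will not reproduce everywhere).

```python
import ssl

# Cipher string quoted in the message as jabberd2's built-in default.
JABBERD2_DEFAULT = "ALL:!LOW:!SSLv2:!EXP:!aNULL"
# Constructed variant for comparison (assumption, not a jabberd2 setting).
WITHOUT_RC4_MD5 = JABBERD2_DEFAULT + ":!RC4:!MD5"


def expand(cipher_string):
    """Return the suite names the local OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(cipher_string):
    """Suites in the expansion that use RC4 or an MD5 MAC."""
    return [n for n in expand(cipher_string)
            if "RC4" in n or n.endswith("-MD5")]


if __name__ == "__main__":
    for label, s in (("default", JABBERD2_DEFAULT),
                     ("no RC4/MD5", WITHOUT_RC4_MD5)):
        names = expand(s)
        weak = weak_suites(s) or "none"
        print(f"{label}: {len(names)} suites enabled, weak: {weak}")
```

Comparing the two expansions shows exactly which suites a peer would lose if RC4 and MD5 were excluded, which is the interop question raised above.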