I think that's expected, but it's an issue that should be fixed. As I understand it, the warning is because AES_128_CBC is susceptible to Padding Oracle attack (depending on implementation) and when TLS only uses RSA key exchange, it doesn't provide forward secrecy (interloper can passively record then decrypt).
There isn't anything on the site that would be worth the hacking trouble. It is just static content and no JavaScript was (ab)used in any of it. On Mon, Mar 24, 2025, 8:12 AM Willow Liquorice <wil...@howhill.com> wrote: > Hello, > > Just thought I'd mention that my browser does *not* like connecting to > the IWP9 website. It's complaining about the site doing an "old-style > (potentially unsafe) handshake" – SSL_ERROR_UNSAFE_NEGOTIATION. > > Is this a quick fix on either end? > > - Willow ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T6492d49f521453ea-Md5547dc8df967f3f936671d6 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
