Jaak, Take a look now.
I’ve upgraded the HTTP server to avoid SSLv3 and RC4. Had to explicitly add TLS 1.0. And specifically added support for TLS 1.1 and 1.2. That means we have limited support for Windows XP users. If we have problems I may need to add SSLv3 and RC4 back in as a fall back for them. The only thing keeping us from A+ is HSTS. DM > On Feb 15, 2016, at 4:14 PM, DM Smith <dmsm...@crosswire.org> wrote: > > I tried to fix this the other day, and will shortly. But the server locked up > twice in that day. So I’ve backed out my changes (a one-liner for this issue) > and am doing them one at a time. I hope to have that solved within a week. > > In Him, > DM > >> On Feb 15, 2016, at 3:44 PM, Jaak Ristioja <j...@ristioja.ee >> <mailto:j...@ristioja.ee>> wrote: >> >> The Qualys SSL Labs SSL Server test gives crosswire.org >> <http://crosswire.org/> a C rating >> mainly due to supporting SSLv3 and the RC4 cipher. >> >> https://www.ssllabs.com/ssltest/analyze.html?d=crosswire.org&hideResults=on >> <https://www.ssllabs.com/ssltest/analyze.html?d=crosswire.org&hideResults=on> >> >> Blessings, >> Jaak >> >> On 15.02.2016 20:11, DM Smith wrote: >>> Went with LetsEncrypt. It should be proper for the entire crosswire.org >>> <http://crosswire.org/> >>> <http://crosswire.org <http://crosswire.org/>> web. If you see a problem or >>> have a question, let >>> me know. >>> >>> In Him, >>> DM Smith >>> >>>> On Feb 12, 2016, at 5:30 PM, Matěj Cepl <mc...@cepl.eu >>>> <mailto:mc...@cepl.eu> >>>> <mailto:mc...@cepl.eu <mailto:mc...@cepl.eu>>> wrote: >>>> >>>> On 2016-02-12, 19:28 GMT, David Haslam wrote: >>>>> Even so, this is the way browsers are moving! >>>>> >>>>> The sooner we can move away from self signed the better. >>>> >>>> Certainly, I see two ways out: >>>> >>>> * https://letsencrypt.org/ <https://letsencrypt.org/> … I have never >>>> tried it, so >>>> I am not sure how really difficult it is, but it is >>>> supposed to be the free way how to get working and >>>> supported certificate for a website >>>> >>>> * I use personally certificate from >>>> https://www.startssl.com/ <https://www.startssl.com/> For me the price >>>> is US$60/two >>>> year certificate, not sure whether the company would be >>>> willing to give some discount for non-profit/religious >>>> organization, or we would be satisfied with the free >>>> certificate (one domain only, no wildcard). >>>> >>>> Best, >>>> >>>> Matěj >>>> >>>> -- >>>> https://matej.ceplovi.cz/blog/ <https://matej.ceplovi.cz/blog/>, Jabber: >>>> mc...@ceplovi.cz <mailto:mc...@ceplovi.cz> >>>> <mailto:mc...@ceplovi.cz <mailto:mc...@ceplovi.cz>> >>>> GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC >>>> >>>> [...] a superior pilot uses his superior judgment to avoid having to >>>> exercise >>>> his superior skill. >>>> -- >>>> http://www.jwz.org/blog/2009/09/that-duct-tape-silliness/#comment-10653 >>>> <http://www.jwz.org/blog/2009/09/that-duct-tape-silliness/#comment-10653> >>>> >>>> >>>> _______________________________________________ >>>> sword-devel mailing list: sword-devel@crosswire.org >>>> <mailto:sword-devel@crosswire.org> >>>> <mailto:sword-devel@crosswire.org <mailto:sword-devel@crosswire.org>> >>>> http://www.crosswire.org/mailman/listinfo/sword-devel >>>> <http://www.crosswire.org/mailman/listinfo/sword-devel> >>>> Instructions to unsubscribe/change your settings at above page >>> >>> >>> >>> _______________________________________________ >>> sword-devel mailing list: sword-devel@crosswire.org >>> <mailto:sword-devel@crosswire.org> >>> http://www.crosswire.org/mailman/listinfo/sword-devel >>> <http://www.crosswire.org/mailman/listinfo/sword-devel> >>> Instructions to unsubscribe/change your settings at above page >>> >> >> >> _______________________________________________ >> sword-devel mailing list: sword-devel@crosswire.org >> <mailto:sword-devel@crosswire.org> >> http://www.crosswire.org/mailman/listinfo/sword-devel >> <http://www.crosswire.org/mailman/listinfo/sword-devel> >> Instructions to unsubscribe/change your settings at above page > > _______________________________________________ > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page
_______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
