On 12/09/2014 12:09 AM, Andrea Pescetti wrote:
> Ray Miles wrote:
>> When I tried to go to the several FAQ and group forums, there was a warning 
>> to leave the
>> page because of security reasons
> 
> Can you tell us what address were you visiting and what browser you are 
> using? Our HTTPS certificate may not be understood by very old browsers 
> (and this is just a warning; you are not actually taking any risk, 
> simply the browser tells you that it can't guarantee that those pages 
> are from the OpenOffice project), but if you provide the details we can 
> check.
> 
> Regards,
>    Andrea.
> 


Andrea,

You might want to take a closer look at your servers - certs are good but:

"This server is vulnerable to the OpenSSL CCS vulnerability
(CVE-2014-0224) and exploitable. Grade set to F."

"https://www.ssllabs.com/ssltest/analyze.html?d=forum.openoffice.org";
<https://community.qualys.com/blogs/securitylabs/2014/06/13/ssl-pulse-49-vulnerable-to-cve-2014-0224-14-exploitable>

The primary servers seem OK:
https://www.ssllabs.com/ssltest/analyze.html?d=openoffice.org

192.87.106.229
aurora-2012.apache.org Grade A

54.172.167.43
ec2-54-172-167-43.compute-1.amazonaws.com Grade B
"This server accepts the RC4 cipher, which is weak. Grade capped to B"

@Ray Miles: Check to see if your browser is listed here:
<https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers>
If it is, then you should update/upgrade your browser to version that
supports TLS1.2.




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to