Koozali.org: home of the SME Server

TLS1.2

waldviertler
TLS1.2
« on: December 29, 2016, 09:15:11 PM »
Hello!

I have an 8.x Server with all updates installed. And I have a cacert server certificate.
Today I checked my SSL/TLS certificate installation at: https://cryptoreport.geotrust.com/checker/
And got this:

Code:
Warnings
TLS1.2
This server is vulnerable to a TLS renegotiation attack. More information.
Info
BEAST
This server is vulnerable to a BEAST attack. More information.

Is that a thing from the server or from cacert?
Or is this only while checking a cacert certificate with the geotrust checker?

Best regards
Martin


janet
Re: TLS1.2
« Reply #1 on: December 30, 2016, 09:03:24 PM »
Martin

You would be wise to update to sme 9.x asap to avoid these sorts of issues. SME 9.x has many improvements.
See
https://forums.contribs.org/index.php/topic,52058.0.html
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

waldviertler
Re: TLS1.2
« Reply #2 on: January 01, 2017, 09:21:06 PM »
Thank you. I will update.

waldviertler
Re: TLS1.2
« Reply #3 on: January 05, 2017, 10:47:40 AM »
I have successfully updated the server to 9.1  8-)

But while checking the certification installation again with https://cryptoreport.geotrust.com/checker/

I get:

Code:
This server is vulnerable to a BEAST attack.
Is this a problem from the server or from cacert?

best regards
martin

DanB35
Re: TLS1.2
« Reply #4 on: January 05, 2017, 11:41:21 AM »
It's from the server, nothing to do with your certificates. The problem is that mitigating BEAST on the server side requires using the RC4 cipher, which introduces other vulnerabilities. The folks at SSLLabs don't consider it a significant threat: https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat
......
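Added example, not part of the thread or of any poster's reply: a small Python check showing why a scanner's BEAST finding depends on the negotiated protocol and cipher suite rather than on the certificate. BEAST applies to CBC suites under SSL 3.0 or TLS 1.0; the function names and the sample handshake list are assumptions constructed for illustration.

```python
import socket
import ssl

# Constructed sample results: (protocol, OpenSSL cipher name) pairs in the
# form ssl.SSLSocket.version() / .cipher() report. Not taken from the thread.
SAMPLE_HANDSHAKES = [
    ("TLSv1", "AES128-SHA"),
    ("TLSv1", "RC4-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "AES256-SHA"),
]
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")

def cipher_mode(cipher):
    """Classify an OpenSSL cipher name as 'stream', 'aead' or 'cbc'."""
    name = cipher.upper()
    if "RC4" in name:
        return "stream"
    if any(marker in name for marker in AEAD_MARKERS):
        return "aead"
    return "cbc"  # remaining block-cipher suites in OpenSSL naming use CBC

def assess(protocol, cipher):
    """Return the findings for one negotiated (protocol, cipher) pair."""
    mode = cipher_mode(cipher)
    findings = []
    # BEAST needs a CBC suite under SSLv3 / TLS 1.0 (predictable IVs).
    if protocol in ("SSLv3", "TLSv1") and mode == "cbc":
        findings.append("BEAST")
    # Preferring RC4 avoids CBC, but RC4 is itself a weak cipher.
    if mode == "stream":
        findings.append("RC4")
    return findings

def probe(host, port=443, timeout=5):
    """Assess what this client negotiates with a server you administer."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the certificate plays no part in this check
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, _ = tls.cipher()
            return tls.version(), name, assess(tls.version(), name)

if __name__ == "__main__":
    for proto, name in SAMPLE_HANDSHAKES:
        print(proto, name, assess(proto, name) or "ok")
```

`probe()` reports only the single suite this client ends up negotiating; a full scanner repeats the handshake per protocol version and cipher list.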

waldviertler
Re: TLS1.2
« Reply #5 on: January 05, 2017, 01:51:03 PM »
Thank you!