Koozali.org formerly Contribs.org

Obsolete Releases => SME Server 8.x => Topic started by: waldviertler on December 29, 2016, 09:15:11 PM

Title: TLS1.2
Post by: waldviertler on December 29, 2016, 09:15:11 PM
Hello!

I have an 8.x server with all updates installed. And I have a cacert server certificate.
Today I checked my SSL/TLS certificate installation at: https://cryptoreport.geotrust.com/checker/
And got this:

Code:
Warnings
TLS1.2
This server is vulnerable to a TLS renegotiation attack. More information.
Info
BEAST
This server is vulnerable to a BEAST attack. More information.

Is that a thing from the server or from cacert?
Or is this only while checking a cacert certificate with the geotrust checker?

Best regards
Martin

Title: Re: TLS1.2
Post by: janet on December 30, 2016, 09:03:24 PM
Martin

You would be wise to update to SME 9.x ASAP to avoid these sorts of issues. SME 9.x has many improvements.
See
https://forums.contribs.org/index.php/topic,52058.0.html

Title: Re: TLS1.2
Post by: waldviertler on January 01, 2017, 09:21:06 PM
Thank you. I will update.

Title: Re: TLS1.2
Post by: waldviertler on January 05, 2017, 10:47:40 AM
I have successfully updated the server to 9.1  8-)

But while checking the certification installation again with https://cryptoreport.geotrust.com/checker/

I get:

Code:
This server is vulnerable to a BEAST attack.
Is this a problem from the server or from cacert?

best regards
martin

Title: Re: TLS1.2
Post by: DanB35 on January 05, 2017, 11:41:21 AM
It's from the server, nothing to do with your certificates. The problem is that mitigating BEAST on the server side requires using the RC4 cipher, which introduces other vulnerabilities. The folks at SSLLabs don't consider it a significant threat: https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat.

Title: Re: TLS1.2
Post by: waldviertler on January 05, 2017, 01:51:03 PM
Thank you!
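
Added example, not part of the thread and not the checker's own logic: a small Python classifier illustrating the trade-off described in DanB35's reply. It reports BEAST exposure when a CBC suite is accepted over SSL 3.0 or TLS 1.0 and reports RC4 separately; the function names, the protocol labels and the three sample server configurations are constructed for illustration.

```python
import re

# Constructed sample data (not from the thread): (protocol, OpenSSL cipher
# name) pairs that a scan might list as accepted by three server setups.
CONFIGS = {
    "cbc_on_tls10": [("TLSv1", "AES128-SHA"), ("TLSv1", "DES-CBC3-SHA"),
                     ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")],
    "rc4_on_tls10": [("TLSv1", "RC4-SHA"),
                     ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")],
    "tls12_only": [("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
                   ("TLSv1.2", "ECDHE-RSA-AES256-SHA384")],
}

# BEAST depends on the chained (predictable) CBC IV of SSL 3.0 and TLS 1.0;
# TLS 1.1 and later send an explicit IV with every record.
CHAINED_IV_PROTOCOLS = {"SSLv3", "TLSv1"}
AEAD_TOKENS = {"GCM", "CCM", "CCM8", "CHACHA20", "POLY1305"}


def cipher_mode(name):
    """Classify a cipher-suite name as 'null', 'rc4', 'aead' or 'cbc'."""
    tokens = set(re.split(r"[-_]", name.upper()))
    if "NULL" in tokens:
        return "null"
    if "RC4" in tokens:
        return "rc4"
    if tokens & AEAD_TOKENS:
        return "aead"
    # Treated as CBC: the remaining common TLS <= 1.2 suites are block
    # ciphers in CBC mode.
    return "cbc"


def assess(accepted):
    """Return BEAST-exposed and RC4 pairs among accepted (protocol, cipher)."""
    findings = {"beast": [], "rc4": []}
    for proto, cipher in accepted:
        mode = cipher_mode(cipher)
        if mode == "cbc" and proto in CHAINED_IV_PROTOCOLS:
            findings["beast"].append((proto, cipher))
        elif mode == "rc4":
            findings["rc4"].append((proto, cipher))
    return findings


if __name__ == "__main__":
    for label, accepted in CONFIGS.items():
        print(label, assess(accepted))
```

The second configuration clears the BEAST finding only by offering RC4 to TLS 1.0 clients, which is the trade-off the reply points out; the third clears both by not accepting TLS 1.0 at all.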