[Debconf-team] Invalid HTTPS Cerfificate for Gallary

To: debconf-team@lists.debconf.org
Subject: [Debconf-team] Invalid HTTPS Cerfificate for Gallary
From: Andrew Regan <a.jamesregan@gmail.com>
Date: Mon, 6 Jun 2016 20:40:09 -0400
Message-id: <[🔎] CAMzY2w8CF17nQr6Wt=jgEDuWDFBcWo_+QA0tpqi=hOdW21rY_Q@mail.gmail.com>

Hello DebConf team,

While reading the Debian Developer documentation, I noticed that the image
galleries page [1] has an invalid HTTPS certificate.

The link is to this page is posted on the Developers' Corner [2] of
the main site
and has the text:  "You can also see the world map of Debian developers and
image galleries from various Debian events."

I also did a test on SSL labs [3] and the following issues were reported:
* This server's certificate is not trusted.
* This server supports anonymous (insecure) suites (see below for details).
* This server is vulnerable to the POODLE attack. If possible, disable SSL 3
   to mitigate.
* This server supports weak Diffie-Hellman (DH) key exchange parameters.
* Certificate has a weak signature and expires after 2015. Upgrade to SHA2
   to avoid browser warnings.
* This server accepts RC4 cipher, but only with older protocol versions.
* The server does not support Forward Secrecy with the reference browsers.


[1] https://gallery.debconf.org/
[2] https://www.debian.org/devel/
[3] https://www.ssllabs.com/ssltest/analyze.html?d=gallery.debconf.org&s=5.153.231.226

I hope this helps,
Andrew R

Reply to:

Prev by Date: Re: [Debconf-team] DC16 Budget - Last call (really)
Next by Date: [Debconf-team] double-checking: content on July 9th?
Previous by thread: Re: [Debconf-team] Budget review & re-approval request
Next by thread: [Debconf-team] double-checking: content on July 9th?
Index(es):
- Date
- Thread