• bielaM
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I’ll take a look at our configs tomorrow 👍

    • sugar_in_your_tea
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Were we outdated? I see we’re using TLS 1.3 right now, and at least the certificate was last created/renewed before this post (created July 16, post on Aug 6). I know that’s not really a metric, but my browser at least has the minimum TLS version set to 3, so I would absolutely have noticed if SJW used anything older.

      I guess it’s possible we allowed older TLS versions, but at least the version I’m connecting with is completely fine.

      • xaeraOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Not really, here’s why:

        • weak ciphers
        • SCSV (protocol fallback)

        That’s why I didn’t go for that thankless job.