This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

SSL vulnerabilities
#1
SSL vulnerabilities
[Image: WoqCJ7X.png]

Just asking has anyone any fixes for correcting these above SSL vulnerabilities ?
https://threatintelligenceplatform.com/
Reply
Thanks given by:
#2
RE: SSL vulnerabilities
Those are warning meaning you could do better with your config. And it's not a big issue.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#3
RE: SSL vulnerabilities
(02-24-2018, 10:03 AM)Me.B Wrote: Those are warning meaning you could do better with your config. And it's not a big issue.

where would i correct these warnings. where is the config for these to be fixed pls ?
Reply
Thanks given by:
#4
RE: SSL vulnerabilities
This is how my cipher suite looks:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite  ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by: CMs222
#5
RE: SSL vulnerabilities
Thanks -@TGates-
As you know still learning the ropes.
did you manage to fix any of the others ?

Also..
Do you know if wildcard works with the Lets Encrypt set up guide you created >
Code:
./letsencrypt-auto certonly --standalone -d *.mydomain.tld
Reply
Thanks given by:
#6
RE: SSL vulnerabilities
wildcard are not yet supported by let's encrypt as each certificate will be linked to a domain.

They are planning to support it but didn't see it yet. So stick to per domain certificate. You can also generate a certificate for many domains but not "*".

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#7
RE: SSL vulnerabilities
(02-26-2018, 01:31 AM)Me.B Wrote: wildcard are not yet supported by let's encrypt as each certificate will be linked to a domain.

They are planning to support it but didn't see it yet. So stick to per domain certificate. You can also generate a certificate for many domains but not "*".

M B
 
Do you mean like this ?
Code:
./letsencrypt-auto certonly --standalone -d support.mydomain.tld -d webmail.mydomain.tld -d mysql.mydomain.tld -d www.mydomain.tld -d mydomain.tld -d mail.mydomain.tld -d demo.mydomain.tld -d panel.mydomain.tld
Reply
Thanks given by:
#8
RE: SSL vulnerabilities
yes that will do the trick and works fine.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by: CMs222


Possibly Related Threads…
Thread Author Replies Views Last Post
Hight Security Vulnerabilities Riperino 11 29 ,393 09-11-2015, 04:41 PM
Last Post: iraqiboy90
Where to post open vulnerabilities? Unknown 2 7 ,216 02-17-2015, 01:35 AM
Last Post: Me.B

Forum Jump:


Users browsing this thread: 1 Guest(s)