[Systems] CAcert certificate expiring

Luke Faraone luke at sugarlabs.org
Mon Feb 14 17:51:35 EST 2011


On 02/14/2011 05:26 PM, Bernie Innocenti wrote:
> On Mon, 2011-02-14 at 21:06 +0100, Sascha Silbe wrote: 
>> Excerpts from Bernie Innocenti's message of Mon Feb 14 20:42:18 +0100 2011:
>>
>>> If you want to tweak Apache a little bit, you might also want to disable
>>> SSL3 and the old SSL2 way of performing a handshake (referred to as SSL
>>> 2.0+ Upgrade Support). All modern and also old browsers support TLS1.0
>>> so there is no problem with compatibility
>>
>> As I wrote before, Epiphany (and potentially other Webkit/GTK based
>> browsers) does NOT work with TLS only servers. Take a look at the ticket
>> [1]; I reported this just a few days ago [2].
> 
> But it seems to work for me!
> 
> I just tried with Epiphany 2.30.6 and libsoup 2.30.2. See for yourself:
> 
>   https://codewiz.org/
> 
> (I'm not actually 100% sure that Apache has turned off all the SSLv2 and
> SSLv3 modes. Is there an openssl command which reports what a server
> supports?)

Well, Qualys doesn't support SNI, but
<https://www.ssllabs.com/ssldb/analyze.html?d=codewiz.org> lists the
protocols supported.

-- 
Luke Faraone
Sugar Labs, Systems
✉: luke at sugarlabs.org
I: lfaraone on irc.freenode.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sugarlabs.org/private/systems/attachments/20110214/0f91fa41/attachment.pgp>


More information about the Systems mailing list