This repository has been archived by the owner on Apr 13, 2023. It is now read-only.

Upgrade apache or libssl #257

Open
FroMage opened this issue Nov 19, 2013 · 4 comments

@FroMage
Contributor

FroMage commented Nov 19, 2013

It appears https://www.ssllabs.com/ssltest/analyze.html?d=modules.ceylon-lang.org&ignoreMismatch=on says our SSL implementation is not up to date, especially TLS 1.0 instead of the newer 1.2. Perhaps we need to upgrade Apache or libssl?

@ghost ghost assigned FroMage Nov 19, 2013
@lucaswerkmeister
Contributor

Also, you use the modules.ceylon-lang.org cert for ceylon-lang.org as well (when someone manually requests that via HTTPS): https://ceylon-lang.org/

@tombentley tombentley modified the milestones: 1.0, 1.1 Oct 9, 2014
@lucaswerkmeister
Contributor

According to the above SSL Labs link, the server now supports TLS up to 1.2 (in fact the rating is pretty good overall). I think this issue can be closed.

@tombentley

Well, this issue wasn't closed. Right now we score a B. Is that good enough? The main problems are some insecure cipher suites, supporting RC4 and only partial support for forward secrecy.

@tombentley tombentley modified the milestones: 1.3, 1.3.1 Nov 11, 2016
@lucaswerkmeister
Contributor

Well, back in 2014 I didn’t have the permissions to close this issue :)

SSLLabs report link

We could remove RC4, which is the only grossly insecure suite in our list. I’m not sure why it complains about FS – we seem to support it for all up-to-date systems tested by SSLLabs (exceptions are old versions of Windows, Windows Phone, Android, or Java).

I noticed something else in the report:

Server hostname mail.projectodd.org

Is that really the correct hostname? I suspect it’s just a copy+pasted and not updated bit of Apache config :)
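The RC4 and forward-secrecy trade-off discussed in this thread, as an added example that is not part of the original comments or the project's configuration: it shows which suite each client would negotiate, before and after RC4 is dropped. The suite lists and client names are constructed (OpenSSL-style names), and selection assumes the server enforces its own order (Apache `SSLHonorCipherOrder on`).

```python
# Added example: constructed data, not the real modules.ceylon-lang.org config.

# Constructed server preference list, strongest first.
SERVER_PREF = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
               "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"]

# Constructed client offers (hypothetical client profiles).
CLIENTS = {
    "modern":          ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"],
    "legacy_no_ecdhe": ["AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"],
    "legacy_rc4_only": ["RC4-SHA"],
}

def has_forward_secrecy(suite):
    # Ephemeral (EC)DH key exchange; plain names such as AES128-SHA use RSA.
    return suite.startswith(("ECDHE-", "DHE-", "EDH-"))

def uses_rc4(suite):
    return "RC4" in suite.split("-")

def negotiate(server_pref, client_offer):
    """Return the first server-preferred suite the client also offers."""
    offered = set(client_offer)
    for suite in server_pref:
        if suite in offered:
            return suite
    return None  # no common suite: the handshake fails

def without_rc4(server_pref):
    return [s for s in server_pref if not uses_rc4(s)]

def audit(server_pref, clients):
    """Map each client to its negotiated suite and whether it is FS / RC4."""
    report = {}
    for name, offer in clients.items():
        suite = negotiate(server_pref, offer)
        report[name] = {
            "suite": suite,
            "fs": suite is not None and has_forward_secrecy(suite),
            "rc4": suite is not None and uses_rc4(suite),
        }
    return report

if __name__ == "__main__":
    for label, pref in (("current", SERVER_PREF),
                        ("rc4 removed", without_rc4(SERVER_PREF))):
        for client, result in audit(pref, CLIENTS).items():
            print(label, client, result)
```

Dropping RC4 only locks out the client that offers nothing else; the client without ECDHE still lands on a non-FS suite, which is how a server can support forward secrecy for current clients and still be reported as partial.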
