Re: secwiki.org: ssl_error_no_cypher_overlap

[Fyodor <fyodor () nmap org>]

On Thu, Jan 9, 2014 at 8:46 AM, Jacek Wielemborek <d33tah () gmail com> wrote:

> Hi,
>
> I recently visited https://www.howsmyssl.com/ and found that my Firefox
> has
> SSL/TLS configured to use insecure ciphers. I did a bit of searching and
> found
> ways to disable them, and add some other tweaks, but then I discovered
> that I
> can't visit https://secwiki.org anymore. I suppose that the reason is
> that the
> server is not configured to support TLS 1.2. Is it possible that it's due
> to
> misconfiguration of the web server?

Well, we have this entry in the Nmap todo which we still need to do:

o Web: We should probably distribute RapidSSL intermediate certificate
  on SecWiki so it is trusted even if browsers don't have that cert
  cached.  Here's a page nothing the issue:
  https://www.ssllabs.com/ssltest/analyze.html?d=secwiki.org
  - We probably need to add an entry in apache conf after
  SSLCertificateFile which looks something like:
  SSLCertificateChainFile /etc/apache2/rapidssl.pem


That might be the problem and we are planning to address it soon.  If you
find another SSL-related issue on the site though, let us know and we'll
try to fix that too.

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/