Author Topic: https:// is broken on forum server (Read 12278 times)

Asyn · « **Reply #15 on:** October 15, 2014, 04:14:15 PM »

Quote from: gordon451 on October 15, 2014, 03:04:04 PM

Quote from: Asyn on October 15, 2014, 02:14:39 PM
Supported in V10 (2015).
I'm tempted $:-\$

Go ahead Gordon, it won't bite.

polonus · « **Reply #16 on:** October 15, 2014, 06:16:40 PM »

Did not know we were so "in the flow"with actuality of the "Poodle" hole.

Last night I spread the news on the Avast forums that we expected breaking news via Brian Krebs expecting this.

Now we know that the Google testers stumbled upon this fallback gaping hole exploit in SSLv3.

Disable SSLv3 in Chrome via this Command line flag "--ssl-version-min=tls1" (without "") if you already want to do this now.

This is what Google plans for the future considering the Poodle hole:
re; https://www.imperialviolet.org/2014/10/14/poodle.html

For firefox give in about:config and look for security.tls.version.min
Change the value for this to 1 to disable SSLv3.

Firefox will support SCSV-mechanisme from version 36 onwards..

Tor browsers are secure by desigm.

In IE go to Extra -> Internet Options -> Tab -Advanced .-> at Security untick SSL 3.0 and then tick to use TLS 1.0, TLS 1.1 en TLS 1.2
whenever this has not been enabled yet.

polonus

REDACTED · « **Reply #17 on:** October 16, 2014, 02:41:40 PM »

Just for a laugh, set "security.ssl.require_safe_negotiation;true" and maybe also "security.ssl.treat_unsafe_negotiation_as_broken;true", then go to https://www.howsmyssl.com/.

KM gives me this:

Quote

Secure Connection Failed

An error occurred during a connection to www.howsmyssl.com. Peer attempted old style (potentially vulnerable) handshake. (Error code: ssl_error_unsafe_negotiation)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem.

I did try (not very hard, you'll see) to contact them, using Opera.

Quote

Have feedback? Leave it on the howsmyssl-upkeep mailing list. Notice a bug? Create an issue on the Github repository.

Feedback is very welcome.

The mailing list is maintained by Google Groups, and I do have an account. They want me to join a group before posting. So GitHub... wants me to make a new account... Why? I do that for things I care about, like JIRA at ReactOS. Not to tell someone the hard way his product has a problem. Maybe he doesn't want to know? Even Open Hardware Monitor doesn't do this sort of rubbish, you just go there and post.

ReactOS should be ready about the time W7 dies of old age

BTW, I'm using the exact same config settings on this forum. Amazing.

Anyway,

Gordon.

polonus · « **Reply #18 on:** January 13, 2015, 12:20:11 AM »

Security header configuration on https://forum-02.avast.com (and recommendations)
http://www.uploady.com/#!/download/wu2ajyxLvBV/7FpuOEXwvGoLr6nk

polonus

Michael (alan1998) · « **Reply #19 on:** January 13, 2015, 01:11:11 PM »

Polonus, ahaha.
This thread is nearly 3 months old now..

bob3160 · « **Reply #20 on:** January 13, 2015, 05:00:38 PM »

Quote from: Michael (alan1998) on January 13, 2015, 01:11:11 PM

Polonus, ahaha.
This thread is nearly 3 months old now..

That's what happens when there's little activity on the forum and you're bored.....

Author Topic: https:// is broken on forum server (Read 12278 times)

Asyn

Re: https:// is broken on forum server

polonus

Re: https:// is broken on forum server

REDACTED

Re: https:// is broken on forum server

polonus

Re: https:// is broken on forum server

Michael (alan1998)

Re: https:// is broken on forum server

bob3160

Re: https:// is broken on forum server