[tor-bugs] #11252 [arm]: www.atagar.com only supports RC4 cipher

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 20 16:20:30 UTC 2014


#11252: www.atagar.com only supports RC4 cipher
--------------------+------------------------
 Reporter:  atagar  |          Owner:  atagar
     Type:  defect  |         Status:  new
 Priority:  minor   |      Milestone:
Component:  arm     |        Version:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+------------------------
 [http://www.atagar.com/arm Arm's website] is hosted on my domain.
 Recently-ish Dreamhost added SNI (Server Name Indication), allowing me to
 **finally** support TLS on their shared hosting. I just got a request for
 the domain to support better cyphers...

 {{{
 Hey

 May I humbly suggest that you really update your SSL/TLS configuration
 on atagar.com. You only support the RC4 cipher, which is considered
 insecure and is at this point being phased out.

 Look at the result here:
 https://www.ssllabs.com/ssltest/analyze.html?d=atagar.com

 Also, since you're directly linked from torproject.org you should set
 a good example.

 Search for 'Perfect forward secrecy apache' to find a good
 configuration.

 Hope this you'll have a look at it, thanks! :)
 }}}

 I'm not sure if this is an option with Dreamhost's setup, but I should
 take a peek.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11252>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list