I've been running a SME server for some 3-4 years now. Excellent workhorse, huge community here. This year I will also take the plunge and try to upgrade to 9.x.
In the meantime, I've stumbled into the SSLlabs checkssl page at
https://www.ssllabs.com/ssltest/analyze.htmlI decided to test my own 8.2-based server. End result is that the server was graded with C, the 2 main issues being that the rather old-in-the-tooth TLS 1.0 is supported, as well as weak cipher suites. Pasted from the grading:"
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. MORE INFO »
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO »
The server does not support Forward Secrecy with the reference browsers. MORE INFO »
From all these recommendations, the only one actually worrying me is the one about TLS 1.2. As per
RFC7525 (also a Best Current Practice document, BCP195):
o Implementations SHOULD NOT negotiate TLS version 1.0 [RFC2246];
the only exception is when no higher version is available in the
negotiation.
Rationale: TLS 1.0 (published in 1999) does not support many
modern, strong cipher suites. In addition, TLS 1.0 lacks a per-
record Initialization Vector (IV) for CBC-based cipher suites and
does not warn against common padding errors.
o Implementations SHOULD NOT negotiate TLS version 1.1 [RFC4346];
the only exception is when no higher version is available in the
negotiation.
Rationale: TLS 1.1 (published in 2006) is a security improvement
over TLS 1.0 but still does not support certain stronger cipher
suites.
o Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
negotiate TLS version 1.2 over earlier versions of TLS.
Rationale: Several stronger cipher suites are available only with
TLS 1.2 (published in 2008). In fact, the cipher suites
recommended by this document (Section 4.2 below) are only
available in TLS 1.2.
This BCP applies to TLS 1.2 and also to earlier versions. It is not
safe for readers to assume that the recommendations in this BCP apply
to any future version of TLS.
Can 8.2 OpenSSL be upgraded, considering that EOL is on 2017? Are things better on 9.x?