Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: waldviertler on December 29, 2016, 09:15:11 PM
-
Hello!
I have an 8.x server with all updates installed. And I have a CAcert server certificate.
Today I checked my SSL/TLS certificate installation at: https://cryptoreport.geotrust.com/checker/
And got this:
Warnings
TLS1.2
This server is vulnerable to a TLS renegotiation attack. More information.
Info
BEAST
This server is vulnerable to a BEAST attack. More information.
Is that a thing from the server or from cacert?
Or is this only while checking a cacert certificate with the geotrust checker?
Best regards
Martin
-
Martin
You would be wise to update to SME 9.x ASAP to avoid these sorts of issues. SME 9.x has many improvements.
See
https://forums.contribs.org/index.php/topic,52058.0.html
-
Thank you. I will update.
-
I have successfully updated the server to 9.1 8-)
But while checking the certification installation again with https://cryptoreport.geotrust.com/checker/
I get:
This server is vulnerable to a BEAST attack.
Is this a problem from the server or from cacert?
best regards
martin
-
It's from the server, nothing to do with your certificates. The problem is that mitigating BEAST on the server side requires using the RC4 cipher, which introduces other vulnerabilities. The folks at SSLLabs don't consider it a significant threat: https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat.
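
Added example, not part of the thread and not SME Server's own configuration: a small model of server-side cipher selection illustrating the trade-off in the answer above. It assumes the standard description of BEAST (CBC suites under SSL 3.0/TLS 1.0); the OpenSSL-style suite names are real, while the preference lists and client profiles are constructed.

```python
# Constructed model of how a server's cipher preference decides which finding
# a scanner reports. Preference lists and client profiles are assumptions.

def mode(suite):
    """Classify a suite by its bulk cipher, judged from its OpenSSL-style name."""
    if "GCM" in suite or "CHACHA20" in suite:
        return "AEAD"
    if "RC4" in suite:
        return "RC4"
    return "CBC"  # remaining legacy block-cipher suites (AES-SHA, 3DES) use CBC

def needs_tls12(suite):
    """AEAD suites and SHA256/SHA384-MAC suites exist only from TLS 1.2 on."""
    return mode(suite) == "AEAD" or suite.endswith(("SHA256", "SHA384"))

def negotiate(server_pref, client_offer, version):
    """Return the first server-preferred suite the client offers and the version allows."""
    for suite in server_pref:
        if suite in client_offer and (version == "TLSv1.2" or not needs_tls12(suite)):
            return suite
    return None

def finding(version, suite):
    """Report what a scanner would flag for the negotiated version and suite."""
    if suite is None:
        return "no shared suite"
    if mode(suite) == "RC4":
        return "RC4 weakness"
    if mode(suite) == "CBC" and version in ("SSLv3", "TLSv1"):
        return "BEAST"
    return "ok"

# Constructed client profiles: (highest protocol version, offered suites).
CLIENTS = {
    "tls10_client": ("TLSv1", ["AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"]),
    "tls12_client": ("TLSv1.2", ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"]),
}

# Constructed server preference orders: CBC ahead of RC4, and RC4 ahead of CBC.
CBC_FIRST = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"]
RC4_FIRST = ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA", "AES128-SHA"]

def audit(server_pref):
    """Map each client profile to the finding its negotiated suite produces."""
    return {name: finding(ver, negotiate(server_pref, offer, ver))
            for name, (ver, offer) in CLIENTS.items()}

if __name__ == "__main__":
    print("CBC first:", audit(CBC_FIRST))
    print("RC4 first:", audit(RC4_FIRST))
```

For the TLS 1.0 client, reordering the server's preferences only swaps one finding for the other; the TLS 1.2 client negotiates the AEAD suite under either ordering.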
-
Thank you!