Our current certs are SHA-1 signed, and nobody seems to like that anymore.
Google does 'security shaming' and puts an 'X-ed out lock' as imaged below:
Apparently when Chrome v42 came out, they no longer trust SHA-1 signed certs with expiration dates into 2017.
Also working on replacing the SSL-termination component of our infrastructure. Seems that when you disable SSL (to thwart POODLE), it disables TLS v1.2 as well. So damnit.
Along my travels, a colleague showed me this awesome analysis tool.
I pointed it at a really shitty configuration and it gave a nice report: