[FOSDEM] fosdem.org does not support TLS 1.[12]

Tom Marble tmarble at info9.net
Wed Jan 15 17:06:19 CET 2014


As everyone in our community can benefit from improving security
I thought I would share this observation with everyone.

I recently realized that Iceweasel, by default, is not configured
to support the recent versions of TLS, yet it accepts weak ciphers.

You can check your browser here (notably TLS version)

Here's how to fix this in Firefox
I set security.tls.version.min = 2 (require at least TLS 1.1)
I set security.tls.version.max = 3 (support TLS 1.2)

As for the accepted ciphers I went to about:config, searched
for RC4 and set all variables to false. Now when I encounter
a website that insists on TLS 1.0 or RC4 I know it's
insecure (and I load it in another, vulnerable browser).

That's how I found fosdem.org doesn't support TLS 1.1 or 1.2.

Server Check
Currently TLS 1.1 and 1.2 are not supported!

Server Fix (TLS versions and cipher suites for PFS)

On my server, for example, I favor PFS and completely disable RC4:

SSLProtocol             all -SSLv2
SSLHonorCipherOrder     on
SSLCompression          off

Stay safe out there!
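The "Server Check" and "Server Fix" parts of the post can be turned into a small offline audit of an Apache mod_ssl fragment. The script below is an added example of mine; it is not part of Tom Marble's post and not FOSDEM's configuration. It expands the SSLProtocol directive (the expansion of the "all" keyword to SSLv2/SSLv3/TLSv1/TLSv1.1/TLSv1.2 is an assumption modelled on a 2014-era mod_ssl built on OpenSSL 1.0.1), checks that TLS 1.1 and 1.2 stay enabled, that SSLHonorCipherOrder is on and SSLCompression off, and scans the SSLCipherSuite string for RC4 and for forward-secret (ECDHE/DHE) suites. The three config fragments at the bottom are constructed samples, not real server configs.

```python
"""Audit an Apache mod_ssl fragment for the points raised in the post:
obsolete protocols, missing TLS 1.1/1.2, RC4, no PFS, compression on."""
import re
from typing import Dict, List

# Assumed expansion of Apache's "all" keyword, modelled on a 2014-era mod_ssl
# built against OpenSSL 1.0.1 (an assumption of this example, not from the post).
ALL_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
_CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}


def parse_directives(config_text: str) -> Dict[str, str]:
    """Collect SSL* directives (lower-cased name -> value); a later one wins."""
    directives: Dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower().startswith("ssl"):
            directives[parts[0].lower()] = parts[1].strip()
    return directives


def enabled_protocols(sslprotocol: str) -> List[str]:
    """Expand an SSLProtocol value such as 'all -SSLv2' into the enabled list."""
    enabled = set()
    for token in sslprotocol.split():
        sign = "+"
        if token[0] in "+-":
            sign, token = token[0], token[1:]
        if token.lower() == "all":
            names = ALL_PROTOCOLS
        else:
            names = [_CANONICAL.get(token.lower(), token)]
        if sign == "+":
            enabled.update(names)
        else:
            enabled.difference_update(names)
    return [p for p in ALL_PROTOCOLS if p in enabled]


def cipher_findings(ciphersuite: str) -> List[str]:
    """Inspect an OpenSSL cipher string for RC4 and for forward secrecy."""
    findings: List[str] = []
    tokens = [t for t in ciphersuite.split(":") if t]
    positive = [t for t in tokens if t[0] not in "!-"]   # suites being enabled
    upper = [t.upper() for t in tokens]
    if any("RC4" in t.upper() for t in positive):
        findings.append("RC4 is explicitly enabled in SSLCipherSuite")
    elif "!RC4" not in upper:
        findings.append("RC4 is not excluded in SSLCipherSuite (add !RC4)")
    # ECDHE-*/DHE-*/EDH-* suites are the ones that give forward secrecy.
    if not any(re.search(r"ECDHE|EDH|DHE", t, re.I) for t in positive):
        findings.append("no forward-secret (ECDHE/DHE) suite in SSLCipherSuite")
    return findings


def audit(config_text: str) -> List[str]:
    """Return a list of findings; an empty list means the fragment passes."""
    d = parse_directives(config_text)
    findings: List[str] = []
    protocols = enabled_protocols(d.get("sslprotocol", "all"))
    for obsolete in ("SSLv2", "SSLv3"):
        if obsolete in protocols:
            findings.append(f"{obsolete} is enabled")
    if not {"TLSv1.1", "TLSv1.2"} <= set(protocols):
        findings.append("TLS 1.1/1.2 not enabled: a browser that requires them "
                        "cannot connect")
    if d.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on")
    if d.get("sslcompression", "").lower() != "off":
        findings.append("SSLCompression is not explicitly off")
    if "sslciphersuite" in d:
        findings.extend(cipher_findings(d["sslciphersuite"]))
    else:
        findings.append("SSLCipherSuite not set: RC4 is not excluded")
    return findings


# Constructed sample fragments (not real server configs).
POST_FRAGMENT = """
SSLProtocol             all -SSLv2
SSLHonorCipherOrder     on
SSLCompression          off
"""

LEGACY_ONLY = """
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite RC4-SHA:AES128-SHA
"""

HARDENED = """
SSLProtocol         all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression      off
SSLCipherSuite      ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:HIGH:!aNULL:!MD5:!RC4
"""

if __name__ == "__main__":
    for name, fragment in (("post", POST_FRAGMENT), ("legacy", LEGACY_ONLY),
                           ("hardened", HARDENED)):
        print(name, audit(fragment) or ["ok"])
```

Running it shows that the three-line fragment from the post still leaves SSLv3 on and says nothing about the cipher list, the "legacy" fragment reproduces the fosdem.org symptom (no TLS 1.1/1.2 at all) on top of RC4, and only the hardened fragment comes back clean.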

