Title update the SSL certificate
Priority urgent Status chatting
Superseder Nosy List matrixise, mmangoba, ncoghlan, r.david.murray
Assigned To Topics

Created on 2016-08-03.00:07:42 by matrixise, last changed 2017-03-27.21:18:49 by mmangoba.

msg3123 (view) Author: matrixise Date: 2016-08-03.00:07:42
See this report on

Thank you,

msg3125 (view) Author: r.david.murray Date: 2016-08-03.16:53:55
Grade: C.

That is pretty uninformative.  Did I miss something?
msg3127 (view) Author: ncoghlan Date: 2016-08-06.14:35:20
I'm not sure why the direct link isn't working, but if you click on the "" heading it will take you through to the detailed report.


* This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
* Certificate has a weak signature and expires after 2015. Upgrade to SHA2 to avoid browser warnings.
* The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
* The server does not support Forward Secrecy with the reference browsers.

Of those, only the SHA1 signature is related to the cert itself - the rest have to do with Upfront's server configuration.
msg3136 (view) Author: r.david.murray Date: 2016-08-09.16:10:44
Well, we can edit the apache server config too.  In fact, I thought I'd done the diffie-hellman fix, but I guess I didn't.

I don't understand the 'cert expires' part, it was renewed in September of 2015.

Is there any reason we couldn't use letsencrypt for bugs?
Date User Action Args
2017-03-27 21:18:49mmangobasetnosy: + mmangoba
2016-08-09 16:10:44r.david.murraysetmessages: + msg3136
2016-08-06 14:35:21ncoghlansetnosy: + ncoghlan
messages: + msg3127
2016-08-03 16:53:55r.david.murraysetstatus: unread -> chatting
nosy: + r.david.murray
messages: + msg3125
2016-08-03 00:07:42matrixisecreate