
Nifty report of HN's HTTPS: https://www.ssllabs.com/ssldb/analyze.html?d=news.ycombinato... Grade C it seems



These stupid grades kind of drive me nuts, but they really should disable SSL 2.0 and the export ciphers.


SSL Labs' grades are not stupid. They monitor how solid the SSL implementation is and what needs to be corrected to ensure higher security on the site.

Another useful tool is SSLScan, which for Hacker News shows that they are accepting of a very strange set of HTTPS cipher and MAC configurations.

SSLv2 should be turned off, as well as the majority of 40-bit and 56-bit ciphers. Their unusual preference of CAMELLIA-256-CBC is pretty amusing to me.

  Prefered Server Cipher(s):
    SSLv2  168 bits  DES-CBC3-MD5
    SSLv3  256 bits  DHE-RSA-AES256-SHA
    TLSv1  256 bits  DHE-RSA-AES256-SHA

Whaaaaat?
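
As an added example that is not part of the original comment: a small Python check over sslscan-style rows that flags what the thread says should be turned off (SSLv2, export suites, 40-bit and 56-bit ciphers). The `Accepted` rows in the sample are constructed, and the row layout is assumed from the output quoted above.

```python
import re

# Constructed sample in the style of the sslscan output quoted above;
# the "Accepted" rows are illustrative, not results from a real scan.
SAMPLE = """\
    Accepted  SSLv2  40 bits   EXP-RC4-MD5
    Accepted  SSLv3  56 bits   DES-CBC-SHA
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
  Prefered Server Cipher(s):
    SSLv2  168 bits  DES-CBC3-MD5
    SSLv3  256 bits  DHE-RSA-AES256-SHA
    TLSv1  256 bits  DHE-RSA-AES256-SHA
"""

# Optional status column, then protocol, key size and OpenSSL cipher name.
ROW = re.compile(r"^\s*(?:(Accepted|Rejected|Failed)\s+)?"
                 r"(SSLv2|SSLv3|TLSv1(?:\.\d)?)\s+(\d+) bits\s+(\S+)\s*$")

def audit(report):
    """Return (protocol, bits, cipher, reasons) for each row that should be disabled."""
    findings = []
    for line in report.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) in ("Rejected", "Failed"):
            continue  # headers, blank lines, and suites the server refused
        proto, bits, cipher = m.group(2), int(m.group(3)), m.group(4)
        reasons = []
        if proto == "SSLv2":
            reasons.append("SSLv2 enabled")
        if cipher.startswith("EXP"):  # OpenSSL names export suites EXP-*
            reasons.append("export cipher")
        if bits <= 56:
            reasons.append("%d-bit key" % bits)
        if reasons:
            findings.append((proto, bits, cipher, reasons))
    return findings

if __name__ == "__main__":
    for proto, bits, cipher, reasons in audit(SAMPLE):
        print("%-6s %-20s %s" % (proto, cipher, "; ".join(reasons)))
```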


Agree to disagree on the grades, and agree to agree on SSLv2 and export ciphers.

(I have other complaints about the SSL Labs grades, but I'm not getting into it here).


Why not? I understand you do not have infinite time but if you get the chance I would enjoy hearing your thoughts.


>Their unusual preference of CAMELLIA-256-CBC is pretty amusing to me.

Yeah, I noticed it too when I checked this using Firefox and Chrome.


It was Grade C a day ago. Today I see Grade A:

    Certificate ------ 100
    Protocol Support -  85
    Key Exchange -----  80
    Cipher Strength --  90

What's changed in the past 24 hours?



