|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
9 Dec 2014, 12:12 PM | #1 |
Senior Member
Join Date: Dec 2009
Posts: 197
|
SSL Report
https://www.ssllabs.com/ssltest/anal...ml?d=runbox.no
https://www.ssllabs.com/ssltest/anal...l?d=runbox.com As you can see, the .no receives an F, and .com a B. Just wondering why .no does so badly, and if it matters? |
9 Dec 2014, 01:39 PM | #2 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
Hi and thanks for bringing this to our attention.
Apparently SSL Labs have changed their tests -- we worked hard to achieve an A rating a few months ago by following the recommendations of Qualys' Ivan Ristić here: http://blog.ivanristic.com/2013/08/c...d-secrecy.html Presumably they now believe the RC4 cipher suite should be disabled, which would prevent Internet Explorer users on Windows XP from using the site. After checking our logs we found that hardly anyone is using Runbox on Windows XP anymore, so we have disabled RC4 tentatively -- and we now have an A rating again: https://www.ssllabs.com/ssltest/anal...l?d=runbox.com We're soon going to move both runbox.com and runbox.no to new servers and we will try to fix the SSL rating for runbox.no then. - Geir |
9 Dec 2014, 01:43 PM | #3 |
Senior Member
Join Date: Dec 2009
Posts: 197
|
Much appreciated. Keep up the good work!
|
29 Dec 2014, 01:57 AM | #4 |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
the ssllabs test now rates the runbox.com domain back down to a C grade as the server is vulnerable to the POODLE attack.
Can you disable the SSL 3 support on the servers, I don't know what clients wouldn't be able to support TLS. |
29 Dec 2014, 03:08 AM | #5 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
Thanks for bringing this to our attention -- it helped us uncover a misconfiguration that was introduced the other day while working on another part of our web server configuration.
We disabled SSL3 15 months ago, namely -- and have now done so again! Back to A rating: https://www.ssllabs.com/ssltest/anal...box.com&latest - Geir |
2 Jan 2015, 01:19 AM | #6 | |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
Quote:
- Geir |
|
27 Oct 2015, 02:20 AM | #7 |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
Can you get the cert for the support.runbox.com domain updated.
Because of the SHA-1 and RC4, Chrome 46 gives it a Red padlock with a cross through it and it gets a poor score with ssllabs; https://www.ssllabs.com/ssltest/anal...ort.runbox.com |
7 Nov 2015, 07:28 AM | #8 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
Yes, we are working on this.
- Geir |