- cross-posted to:
- main@sh.itjust.works
- cross-posted to:
- main@sh.itjust.works
You must log in or # to comment.
I’ll take a look at our configs tomorrow 👍
Were we outdated? I see we’re using TLS 1.3 right now, and at least the certificate was last created/renewed before this post (created July 16, post on Aug 6). I know that’s not really a metric, but my browser at least has the minimum TLS version set to 3, so I would absolutely have noticed if SJW used anything older.
I guess it’s possible we allowed older TLS versions, but at least the version I’m connecting with is completely fine.
What about TLS 1.2?
Should still be good for now
Not really, here’s why:
- weak ciphers
- SCSV (protocol fallback)
That’s why I didn’t go for that thankless job.