From owner-freebsd-security@FreeBSD.ORG Thu May 14 08:28:31 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E48F0EC8 for ; Thu, 14 May 2015 08:28:31 +0000 (UTC) Received: from rack.patpro.net (rack.patpro.net [193.30.227.216]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "patpro.net", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A40731F09 for ; Thu, 14 May 2015 08:28:31 +0000 (UTC) Received: from [192.168.0.2] (boleskine.patpro.net [82.230.142.222]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) by rack.patpro.net (Postfix) with ESMTPSA id EDFD7E26; Thu, 14 May 2015 10:28:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=patpro.net; s=201504-3edeac90; t=1431592108; bh=mYCe9Yp9mibitFizaNUHQtvqH2a37GA4XyuIrvQ9TEk=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=4RP+dakzOfb1cGQGDXN+prwyviI+ymxq1vLcTn3roeaypVlFk+rkfWdP29R++bCuP O+nhu4Cz2/zoXBwjTS53AIsxmGYYTk/ejpQSro6KFIOdRmw7p0Y9ExLW1G4UAIFoRB rWyCdoRkhysXl/UPHgocmE93OsIn2Y/3knNnRcfqvWj55Q3k+FUCj29td9ct4Ffedh S07RdZSaQK7PjLJksup5/BR7ATRYpiG1EFVNCQntY7OxgxoAyN5hWp3lSCmJfG5Z4e MiP2JwiwAZTO/IpNkMuhtjsgDb63RCL3gJdo5sqRjZ3a6VIdyWYgYEuTru9AJM0+m9 Gc3dt83VQPx1ZBfE2jAUtIU8Er4PVxGHqktoBtRjsPXT+lA+byL9LXv3AL049omJLl 7h5cIcsVUPqt18dfmzoKDKu2YqL4VnqzdXuNtCySTw1u3a5BMk9s1LDTh6efXcPzsx w/LPoqUHtg5xUbtJkkzwOveFDmXRd4G8+J4WthBZ95sBg3m/f8ApIPj8lxhEy4bSkD kd2qHqxCTqFd4n86xNH0hZY1ZU+43F05NxcO/VxraHkfQtKMYOc4T3pzs5z3wcB7mN rvePUe0tcQsUeRB4bvaDetBk/TFVCiCdmBmGTlDMwFRQlHhIkLJPPik41vGtkFE+Dn 3cqB027RneEMDZbSJCAEebcY= Subject: Re: Forums.FreeBSD.org - SSL Issue? Mime-Version: 1.0 (Apple Message framework v1085) Content-Type: text/plain; charset=us-ascii From: Patrick Proniewski In-Reply-To: <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> Date: Thu, 14 May 2015 10:28:27 +0200 Cc: Liste FreeBSD-security Content-Transfer-Encoding: quoted-printable Message-Id: <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> References: <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> To: Anders Gulden Olstad X-Mailer: Apple Mail (2.1085) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2015 08:28:32 -0000 On 13 mai 2015, at 23:18, Anders Gulden Olstad wrote: > Qualys report chain issues that's pretty odd, because I've checked too just after sending my reply = to the list (message id = A2D58CCB-8B0A-40FF-9ED1-89B698A830DD@patpro.net), and Qualys reported no = issues at all about the chain. That was about 7-8 hours before your = message. But well, the global note was B at this time, and now it's A+. They = obviously upgraded TLS from 1.0 to 1.2, ditched support for "old" = browsers, and made other cipher tuning. Good job admins (though I would = have been a bit more conservative about browser support). regards, patpro=