I forwarded the VIAF complaint to our network folks. They were able to fix it
some, but a complete fix will not happen for a while.
Here's their message:
I changed the load balancer parameters for this farm viaf.org:443 to
raise the "grade" from "F" to "C".
To get it higher will take an OS upgrade on the load balancer which
will happen later this year.
Ralph
-----Original Message-----
From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of stuart
yeates
Sent: Sunday, September 06, 2015 5:52 AM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: code4lib services and https
SSL is security theatre unless people start doing it better.
SSL is a layer of complexity, it's easy to get wrong and the library community
is systematically getting it wrong (picking on some big names, because they're
tough enough to take it, not because they noticeably do it any better or worse):
https://www.ssllabs.com/ssltest/analyze.html?d=viaf.org
https://www.ssllabs.com/ssltest/analyze.html?d=code4lib.org
https://www.ssllabs.com/ssltest/analyze.html?d=loc.gov
I'd implore you to check a couple of sites local to you and ping the
administrators if it doesn't get the all clear.
In some cases there are reasons why security might be lagging on a particular
site (third party hosting, third party client connecting using out-of-date SSL
libraries, need to support many-years-out-of-patch-cycle browsers, etc), but
that's the kind of thing that needs to be an explicit policy.
cheers
stuart
