Re: [cryptography] no, don't advertise that you support SSLv2!
On 4/08/2015 05:29 am, Patrick Pelletier wrote:
> I was on an e-commerce site today, and was horrified when I saw the
> following badge:
>
> https://lib.store.yahoo.net/lib/yhst-11870311283124/secure.gif
>
> Did they still have SSLv2 enabled? I checked, and luckily they don't:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=us-dc2-order.store.yahoo.net
>
> So, it's not as bad as their badge claims, but still, they only get a C.
> (They support only one version: TLS 1.0.) I would've thought a big Web
> property like Yahoo could do better. :(

Why is this any different to a web browser showing a padlock to users that means you're secure?

iang
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] no, don't advertise that you support SSLv2!
Yahoo has always had lax security (weak spam filters, no bad pass lock, no attachment virus scan). But as a news site (as long as their reporters get to have better security), they don't do bad.

On Aug 3, 2015 10:03 PM, Patrick Pelletier c...@funwithsoftware.org wrote:
> I was on an e-commerce site today, and was horrified when I saw the
> following badge:
>
> https://lib.store.yahoo.net/lib/yhst-11870311283124/secure.gif
>
> Did they still have SSLv2 enabled? I checked, and luckily they don't:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=us-dc2-order.store.yahoo.net
>
> So, it's not as bad as their badge claims, but still, they only get a C.
> (They support only one version: TLS 1.0.) I would've thought a big Web
> property like Yahoo could do better. :(
>
> --Patrick
Re: [cryptography] no, don't advertise that you support SSLv2!
On 8/4/2015 12:29 AM, Patrick Pelletier wrote:
> I was on an e-commerce site today, and was horrified when I saw the
> following badge:
>
> https://lib.store.yahoo.net/lib/yhst-11870311283124/secure.gif
>
> Did they still have SSLv2 enabled? I checked, and luckily they don't:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=us-dc2-order.store.yahoo.net
>
> So, it's not as bad as their badge claims, but still, they only get a C.
> (They support only one version: TLS 1.0.) I would've thought a big Web
> property like Yahoo could do better. :(
>
> --Patrick

It is worth pointing this out to them.