> On Jun 25, 2014, at 9:32 AM, "Eric H. Christensen" <[email protected]> > wrote: > > Unfortunately a self-signed cert can't protect against MITM attacks until > that certificate is downloaded (how can you know that you have downloaded the > correct cert?). You can get a CA to sign the certificate for around $10 from > ssls.com. Also, the cert doesn't support www.xastir.org which can be > problematic. I'd also suggest signing the key with at least SHA256 instead > of SHA1. > > Also, it appears that the server supports EXPORT cipher suites. I'd > recommend just supporting HIGH ciphers.
Dude, this is protecting a wiki password from spammers; it isn't your bank account or anything. -j _______________________________________________ Xastir mailing list [email protected] http://xastir.org/mailman/listinfo/xastir
