New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Well, turns out I'm not vulnerable to the beast.
88 here :P
Here's my nginx SSL settings.
ssl_protocols TLSv1 SSLv3; ssl_ciphers RC4:AES128-SHA:TLSv1:SSLv3:!ADH:!aNULL:!DH:!EDH:!eNULL:!LOW:!SS$ ssl_prefer_server_ciphers on;I always have issues with the SSL handshake speed on Nginx
Anyone have any solutions to that?
Looks like 85 is the best I can get. Not bad still.
Adding SSLHonorCipherOrder On to httpd.conf and distilling was the trick, seems cPanel does not actually enable it, just puts the cipher in, dorks!
85, this is running on the default nginx.conf without any tweaks whatsoever.
Trololo.
Just realized that wildcard subdomain certificate is very very expensive. wew
Not so much if your domain represent a normal... business
Unfortunately, it's not business
eh, 80$ isnt expensive.
For what the issuer actually does it's expensive.
The best I got with my StartSSL is 85. Spent some times to fix the BEAST attack under nginx.
-91- 93 on IIS 7.5
We have used cheapssls.com without problem.....
How to fix the BEAST attack under lighttpd (SolusVM master)
Anyone have got the fix for lighttpd?
@sshVM This? http://redmine.lighttpd.net/issues/2364 ...seems an old issue unless it has popped up again.
@jarland attached patch in given URL says:
The attached patch is for 1.4.29.
The impact should be rather minimal, and the patch should be downwards-compatible so I hope this can added to a new release.
SolusVM lighttpd version
lighttpd -v
lighttpd/1.4.26 (ssl) - a light and fast webserver
I want to confirm whether anyone have applied this patch!
90 - No beast on ours...
@BlueVM No beast on your billing system or VPS Panel?
Even BuyVM's customized VPS panel Stallion has beast effect! Not sure which web server it is running. I guess no fix yet for lighttpd older version.
@sshVM - Not on the billing panel, no real ssh on our vps panel at the moment.
Finally got rid of beast effect by running SolusVM master - Nginx
Yes i know is an old post, shoot me!
But for those that may be wondering how to protect against the BEAST on lighttpd add this to the config
ssl.cipher-list = "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
ssl.honor-cipher-order = "enable"
Ouch !
GlobeSSL $8 - their site seals include your company name and your company address on the seal popup
or
buy a domain name at namecheap and add one of their $1.99 PositiveSSLs to your cart (Thursday morning I got a domain name for $0.99 and an SSL for $1.99)
Both GlobeSSL and PositiveSSL are recognized by virtually every browser
I 2nd the rapid ssl.
+1 for RapidSSL
Fair bump, play on!
... Anyway, this shows what I ended up using to get around the BEAST!
https://www.thriftydevil.com.au/technology/https-on-nginx-on-freebsd