Custom Query (196 matches)
Results (190 - 192 of 196)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#389 | fixed | Enable HTTPS perfect forward secrecy | andersk | |
Description |
This is complicated by the requirement to keep SSLSessionTicketKeyFile out of persistent storage, rotate it frequently, and synchronize it across servers. It would also be nice to remember the last N old keys so that each rotation doesn’t force every user to establish a new SSL session. We’ll probably need to do some Apache development. https://www.imperialviolet.org/2013/06/27/botchingpfs.html https://blog.twitter.com/2013/forward-secrecy-at-twitter-0 |
#390 | fixed | /__scripts/icons missing on F20 | andersk | |
Description |
See http://b-m.mit.edu/__scripts/icons/ vs. http://b-b.mit.edu/__scripts/icons/ (for Apache directory indexes). |
#400 | fixed | SHA-1 certificates from mitcert since 2013 will be degraded by Chrome | andersk | |
Description |
davidben points out that Chrome will be degrading SHA-1 certificates valid past 2016-01-01:
This seems to include all certificates that mitcert/InCommon has issued (and continues to issue!) since 2013-01-01, since they have a three year expiration date. So we’re going to need to replace all these certificates soon. This might also be a good excuse to move to a 2048-bit private key (because a 4096-bit certificate signed by 2048-bit CAs provides no security benefit and is noticeably slower). |