31190 2015-08-06 01:44:07 +0300 bugzilla server is vulnerable to critical HTTPS protocol attacks 2015-08-31 14:03:04 +0300 1 1 2 Infrastructure Infrastructure bugzilla.altlinux.org unspecified all Linux CLOSED FIXED https://www.ssllabs.com/ssltest/analyze.html?d=bugzilla.altlinux.org P3 blocker --- 1 lakostis cas glebfm ldv mike cas oldest_to_newest 152346 0 lakostis 2015-08-06 01:44:07 +0300 Просто оставлю это здесь: This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F. MORE INFO » This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F. MORE INFO » This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO » Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2. MORE INFO » The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO » The server private key is not strong enough. Grade capped to B. This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO » The server does not support Forward Secrecy with the reference browsers. MORE INFO » This server's certificate chain is incomplete. Grade capped to B. Настоятельно рекомендуется прочесть MORE INFO и таки обновить настройки HTTPS. 152611 1 ldv 2015-08-31 13:51:18 +0300 bugzilla server чему только не vulnerable. Вынес https:// в отдельный контейнер от греха подальше. 152612 2 mike 2015-08-31 14:03:04 +0300 "Кэширую" текущий ответ по ссылке (т.к. тест небыстрый): Overall Rating: T If trust issues are ignored: B This server's certificate is not trusted, see below for details. This server's certificate chain is incomplete. Grade capped to B. This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. This server supports HTTP Strict Transport Security with long duration.