Remove RC4 from libravatar-www
Bug #1163627 reported by
François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Libravatar (obsolete) |
Fix Released
|
High
|
François Marier |
Bug Description
We should move away from RC4 on libravatar-www given that it's not all that great anymore:
http://
There's probably no need to change -seccdn though.
Changed in libravatar: | |
status: | Confirmed → Fix Committed |
Changed in libravatar: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Now that the main server is on wheezy, we should improve its TLS config:
http:// hynek.me/ articles/ hardening- your-web- servers- ssl-ciphers/
Removing RC4, disabling compression and favouring the TLS 1.2 ciphers that give perfect forward secrecy.