Low score and rating on https://www.ssllabs.com/

[Old Forum guest] anonymous
Created: 7 years and 1 month ago

With a few config related things you can get higher score.
NGINX sample: ssl_ciphers ALL:!NULL:!aNULL:!eNULL:!ADH:!LOW:!EXP:!MD5;

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


anonymous
Here is similar post I made: https://duck.co/topic/how-secure-is-secure.

--
I love programming and playing the piano.
I'm a moderator of duck.co, and the creator of Dumb Search.
posted by [Old Forum sean-anderson] • 7 years and 1 month ago Link
yegg
We will look into this. There is a speed tradeoff on ciphers for sure, such that there was a thread going on Hacker news on other places recently of why nginx ssl was so slow and it was using some really secure, but super slow ciphers by default.
posted by yegg Staff7 years and 1 month ago Link
caine
I am fixing this on my development machine now; it will then promptly propagate to the rest of the servers after that.


caine
@__nil
posted by caine Staff7 years and 1 month ago Link
anonymous
... its about time for browsers to let us use encryption on our websites without being asked to buy into into theold 90's CA marketing scam! ..
posted by [Old Forum guest] • 6 years and 7 months ago Link
anonymous
Was this ever fixed? It still scores a C and is "vulnerable to the BEAST attack".
posted by [Old Forum scepticrail] • 6 years and 7 months ago Link
yegg
Still in process -- though close to live.
posted by yegg Staff6 years and 7 months ago Link