[jitsi-users] Request to disable sslv3


#1

Hello All,

Could sslv3 be disabled on meet.jit.si?

I think this site is under the control of Jitsi people and not the
university so hopefully it's an easy fix.

Pretty soon Google's Chrome won't support sslv3 so there's not really
a reason to keep it enabled.

https://www.ssllabs.com/ssltest/analyze.html?d=meet.jit.si

See https://cipherli.st/ on how to disable sslv3 in Nginx but
basically you're removing sslv3 so the protocols will look like:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Best,
jungle

···

--
-------
inum: 883510009027723
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si


#2

Could sslv3 be disabled on meet.jit.si?

Yes, thanks for the reminder.

https://www.ssllabs.com/ssltest/analyze.html?d=meet.jit.si

It's A+ now.

basically you're removing sslv3 so the protocols will look like:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

In our case it was more an issue with the ciphers order, because ssl has
already been disabled.
But anyway, it's all ok now.

Happy holidays,

···

On Sat, Dec 27, 2014 at 10:22 PM, jungle Boogie <jungleboogie0@gmail.com> wrote:
--
Yasen Pramatarov
sysadmin, https://jitsi.org


#3

Hi Yasen,

Could sslv3 be disabled on meet.jit.si?

Yes, thanks for the reminder.

https://www.ssllabs.com/ssltest/analyze.html?d=meet.jit.si

It's A+ now.

Thanks for acting so quickly to get this completed!

basically you're removing sslv3 so the protocols will look like:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

In our case it was more an issue with the ciphers order, because ssl has
already been disabled.
But anyway, it's all ok now.

Oh, perfect!

Happy holidays,
--
Yasen Pramatarov
sysadmin, https://jitsi.org

Best,
jungle

···

On 28 December 2014 at 05:40, Yasen Pramatarov <yasen@bluejimp.com> wrote:

On Sat, Dec 27, 2014 at 10:22 PM, jungle Boogie <jungleboogie0@gmail.com> > wrote:

--
-------
inum: 883510009027723
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si