[jitsi-users] Server Certificate Chains & SRV Targets


#1

Hi!

I was tumbling over the test results from xmpp.net and was wondering
over the following problems:

xmpp.jit.si:5222

-> Problem in the trust chain
-> server needs to add/deliver the intermediate cert from godaddy, too
   "Error: Intermediate certificate was not included in the chain."
-> grade capped to F

swing.bluejimp.com:5222

-> preferred (!) SRV target
-> connection time out
-> what is that doing here anyway?

btw: can you switch to DNSSEC?

XMPP result:
  https://xmpp.net/result.php?id=103639

Also, the homepage itself shows the same problems (and some more).
Please refer to the results from ssllabs:

  https://www.ssllabs.com/ssltest/analyze.html?d=jit.si

You might also want to edit the preferred ciphers for https and xmpp
server, bettercrypto.org shows an easy-to-use cipher string for that.

GoDaddy install instructions for the certificates of both services:

https://support.godaddy.com/help/article/868/what-is-an-intermediate-certificate

Thanks for a great service!

Cheers,
Axel
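
The SRV finding in the message above (a preferred target that times out and lives outside the service domain) can be checked with a short audit; this is an added example, not part of the original thread or Jitsi's own tooling. The host names and port come from the post, while the priorities, weights, the `audit_srv` helper and the offline probe are assumptions made for illustration.

```python
import socket
from typing import Callable, NamedTuple

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(lines: str) -> list[Srv]:
    """Parse `dig +short SRV` style lines: 'priority weight port target.'"""
    records = []
    for line in lines.strip().splitlines():
        prio, weight, port, target = line.split()
        records.append(Srv(int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return records

def tcp_probe(host: str, port: int, timeout: float = 5.0) -> bool:
    """Default probe: can a TCP connection be opened within the timeout?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refused connections and DNS failures
        return False

def audit_srv(domain: str, records: list[Srv],
              probe: Callable[[str, int], bool] = tcp_probe) -> list[str]:
    """Walk targets in client order: lowest priority value first (RFC 2782).
    Weight is a random tie-breaker in the RFC; sorting by it is a simplification."""
    findings = []
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight))
    for rank, rec in enumerate(ordered):
        label = "preferred" if rank == 0 else "fallback"
        if not (rec.target == domain or rec.target.endswith("." + domain)):
            findings.append(f"{label} target {rec.target} is outside {domain}")
        if not probe(rec.target, rec.port):
            findings.append(f"{label} target {rec.target}:{rec.port} unreachable")
    return findings

# Constructed sample: hosts and port are from the post, priorities and weights are assumed.
SAMPLE = """
1 100 5222 swing.bluejimp.com.
5 100 5222 xmpp.jit.si.
"""

if __name__ == "__main__":
    # Offline stand-in for tcp_probe that models the timeout reported in the post.
    offline = lambda host, port: host != "swing.bluejimp.com"
    for finding in audit_srv("jit.si", parse_srv(SAMPLE), offline):
        print(finding)
```

Calling `audit_srv` without the third argument uses the real TCP probe, so it can be run against the live output of a SRV lookup for `_xmpp-client._tcp.<domain>`.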


#2

Hi,

does anyone feel responsible for that?

Aka "Jitsi is prone to Poodle by enabling SSLv3 support".

Thanks,
Axel


On 06.01.2015 17:18, Axel Hübl wrote:



#3

It's on our tasklist, thanks for the reminder


On Fri, Jan 9, 2015 at 2:56 PM, Axel Hübl <axel.huebl@web.de> wrote:

does anyone feel responsible for that?

--
Yasen Pramatarov
sysadmin, https://jitsi.org