damentz
Post subject: SSL Labs Gives kanotix.com An F  Posted: Aug 28, 2023 - 03:04 AM



Joined: Dec 01, 2006
Posts: 14

https://www.ssllabs.com/ssltest/analyze ... anotix.com

Below are all the issues.

Quote:
This server supports SSL 2, which is obsolete and insecure, and can be used against TLS (DROWN attack). Grade set to F.
This server supports insecure cipher suites (see below for details). Grade set to F.
This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server does not mitigate the CRIME attack. Grade capped to C.
The server supports only older protocols, but not the current best TLS 1.2 or TLS 1.3. Grade capped to C.
This server accepts RC4 cipher, but only with older protocols. Grade capped to B.
There is no support for secure renegotiation.
This server does not support Forward Secrecy with the reference browsers. Grade capped to B.
This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B.
This server supports TLS 1.0. Grade capped to B.
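Added example (not part of the original posts and not SSL Labs' own code): this Python script parses the report lines quoted in the post above, groups them by the grade each one imposes, and shows which cap remains once the worse findings are resolved. It reads only the "Grade set/capped to" wording of those lines and does not reproduce SSL Labs' numeric scoring; the function names are illustrative.

```python
import re

# Findings quoted in the first post, copied verbatim from the thread.
FINDINGS = """\
This server supports SSL 2, which is obsolete and insecure, and can be used against TLS (DROWN attack). Grade set to F.
This server supports insecure cipher suites (see below for details). Grade set to F.
This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server does not mitigate the CRIME attack. Grade capped to C.
The server supports only older protocols, but not the current best TLS 1.2 or TLS 1.3. Grade capped to C.
This server accepts RC4 cipher, but only with older protocols. Grade capped to B.
There is no support for secure renegotiation.
This server does not support Forward Secrecy with the reference browsers. Grade capped to B.
This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B.
This server supports TLS 1.0. Grade capped to B.
"""
ORDER = "ABCDEF"  # best to worst; only B, C and F occur in this report
GRADE_RE = re.compile(r"\s*Grade (?:set|capped) to ([A-F])\.\s*$")

def parse_findings(text):
    """Return a list of (grade or None, finding text), one per non-empty line."""
    parsed = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = GRADE_RE.search(line)
        parsed.append((m.group(1), line[:m.start()]) if m else (None, line))
    return parsed

def effective_grade(findings, fixed=()):
    """Worst grade still imposed once findings at the grades in `fixed` are resolved."""
    left = [g for g, _ in findings if g and g not in fixed]
    return max(left, key=ORDER.index) if left else None

def tiers(findings):
    """Map each imposed grade (None = no grade impact stated) to its findings."""
    grouped = {}
    for grade, text in findings:
        grouped.setdefault(grade, []).append(text)
    return grouped

if __name__ == "__main__":
    report = parse_findings(FINDINGS)
    print("reported grade:", effective_grade(report))
    print("cap after fixing the F findings:", effective_grade(report, fixed="F"))
    for grade in ("F", "C", "B", None):
        print(f"\n[{grade}]")
        for text in tiers(report)[grade]:
            print("  -", text)
```

Four separate findings each force the F on their own, so resolving any one of them alone leaves the grade unchanged.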
DeepDayze
Post subject: RE: SSL Labs Gives kanotix.com An F  Posted: Aug 28, 2023 - 03:36 AM



Joined: Dec 08, 2005
Posts: 300

There seem to have been no updates to the site in a long time.
damentz
Post subject: RE: SSL Labs Gives kanotix.com An F  Posted: Aug 28, 2023 - 03:54 PM



Joined: Dec 01, 2006
Posts: 14

That's an understatement. From SSL Labs, the HTTP signature:
Code:
Apache/2.2.3 (Debian) PHP/5.2.0-8+etch16 mod_ssl/2.2.3 OpenSSL/0.9.8c


Debian Etch had its last update in 2010. This is negligent; I'd assume this server has been compromised for years and is part of a botnet.
All times are GMT + 1 Hour
Logos and trademarks are the property of their respective owners, comments are property of their posters, the rest is © 2004 - 2006 by Jörg Schirottke (Kano).
Consult Impressum and Legal Terms for details. Kanotix is Free Software released under the GNU/GPL license.
This CMS is powered by PostNuke, all themes used at this site are released under the GNU/GPL license. Designed and hosted by w3you. Our web server is running on Kanotix64-2006.