Re: The TLS Report

2008-07-13 Thread Eddy Nigg
Frank Hecker: > Note in that regard that the StartCom interface is actually not as > flexible as I'd like. It forced me to specify www.hecker.org as the CN > and hecker.org as a SAN, when I would have preferred it the other way > around, since hecker.org is now the canonical site name. > There are

Re: The TLS Report

2008-07-13 Thread Frank Hecker
Eddy Nigg wrote: > Also interesting choice of the CA, even though I realized > that you happen to change your server cert quite frequently ;-) Well, the price was a factor :-) However what I found even more important was support for SubjAltName and the ability to get a certificate for both heck

Re: The TLS Report

2008-07-12 Thread Eddy Nigg
Frank Hecker: > After regenerating the server private key (using a 2048-bit modulus), > getting a new certificate (from StartCom), and changing the server > ciphersuites, I managed to get a score of 84 (A), which matches the > highest scores reported for other sites: > Well done! Also interesting

Re: The TLS Report

2008-07-12 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Eddy Nigg (StartCom Ltd.): >> Frank Hecker: >>> I tried out my own site on it, and got a C. >> >> LOL, I got a A 80 :-) > > Actually it doesn't honor SAN DNS extension...but it's a cute utility. > Reached a A 82 as well, just need to use the CN value of the ce

Re: The TLS Report

2008-06-10 Thread Eddy Nigg (StartCom Ltd.)
Eddy Nigg (StartCom Ltd.): Frank Hecker: I tried out my own site on it, and got a C. LOL, I got a A 80 :-) Actually it doesn't honor SAN DNS extension...but it's a cute utility. Reached a A 82 as well, just need to use the CN value of the certificate.

Re: The TLS Report

2008-06-10 Thread Mohamad Badra
Mohamad Badra CNRS - LIMOS Laboratory Eddy Nigg (StartCom Ltd.) a écrit : > Frank Hecker: >> I tried out my own site on it, and got a C. I think you deserve better than Addy if you enable EDH based ciphersuites :) > > LOL, I got a A 80 :-) Bravo, better than Microsoft:) Best regards, Badra

Re: The TLS Report

2008-06-10 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: I tried out my own site on it, and got a C. LOL, I got a A 80 :-) Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: Join the Revolution! Phone: +1.213.341.0390

The TLS Report

2008-06-10 Thread Frank Hecker
I saw this in an O'Reilly Radar posting and am surprised no one on this group has previously mentioned it: http://tlsreport.layer8.net/ I tried out my own site on it, and got a C. Unfortunately the site doesn't include a detailed guide to how the scoring is done, but I'm guessing I got marked