as the mod closed the old thread instead of merging, here is the post again to continue the discussion:
SSL 3.0, RC4, DES, 3DES, MD5 and SHA-1 - Old and busted encryption
https://www.ssllabs.com/ssltest/analyze.html?d=dolphin-emu.org
Obsolete SSL 3.0, without TLS as an alternative, along with the recent announcement of the POODLE attack, the website really needs a HTTPS upgrade:
Please disable SSL 3.0 entirely (to block downgrading from TLS) and add TLS 1.0 through 1.2 instead.
As for ciphers: All ciphers using RC4, DES, 3DES or MD5 (or a combination of those) are also considered broken and obsolete, so I suggest using only secure ciphers (that may also support perfect forward secrecy) whenever possible!
The certificate also needs an upgrade, as its still signed with SHA-1, which is also considered broken. Please do not just sign it again: Generate a new and longer key and sign that with SHA-2 (or SHA-3)
Additional reasons as to why this should be done real soon, aside from the obvious and dangerous security flaw:
1. Recent news (POODLE attack) have made this a much more pressing issue (its basically SSL 3.0's final nail in its coffin)
2. The situation from back when this thread was opened worsened: TLS 1.0 is NOT supported anymore for whatever reason. Only the highly insecure and flawed SSL 3.0 is.*
3. Browsers will probably drop SSL3 support soon or at least be shipped with it disabled.
SSL 3.0, RC4, DES, 3DES, MD5 and SHA-1 - Old and busted encryption
https://www.ssllabs.com/ssltest/analyze.html?d=dolphin-emu.org
Obsolete SSL 3.0, without TLS as an alternative, along with the recent announcement of the POODLE attack, the website really needs a HTTPS upgrade:
Please disable SSL 3.0 entirely (to block downgrading from TLS) and add TLS 1.0 through 1.2 instead.
As for ciphers: All ciphers using RC4, DES, 3DES or MD5 (or a combination of those) are also considered broken and obsolete, so I suggest using only secure ciphers (that may also support perfect forward secrecy) whenever possible!
The certificate also needs an upgrade, as its still signed with SHA-1, which is also considered broken. Please do not just sign it again: Generate a new and longer key and sign that with SHA-2 (or SHA-3)
Additional reasons as to why this should be done real soon, aside from the obvious and dangerous security flaw:
1. Recent news (POODLE attack) have made this a much more pressing issue (its basically SSL 3.0's final nail in its coffin)
2. The situation from back when this thread was opened worsened: TLS 1.0 is NOT supported anymore for whatever reason. Only the highly insecure and flawed SSL 3.0 is.*
3. Browsers will probably drop SSL3 support soon or at least be shipped with it disabled.