Hello, I routinely scan all https:// pages that I encounter with the SSL Labs SSL test, and the results for the domain dolphin-emu.org look really shocking.
https://www.ssllabs.com/ssltest/analyze....in-emu.org
This page uses a lot of weak and insecure ciphers:
Quote: Cipher Suites (sorted by strength; the server has no preference)
SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080) INSECURE 40
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080) INSECURE 40
SSL_CK_DES_64_CBC_WITH_MD5 (0x60040) INSECURE 56
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
SSL_CK_RC4_128_WITH_MD5 (0x10080) INSECURE 128
SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE 168
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
Instead of TLS 1.2 or 1.1 we have the insecure and redundant SSL2
Quote: Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 Yes
SSL 2 INSECURE Yes
and finally some flaws that allow DDoS attacks:
Quote: Protocol Details
Secure Renegotiation: Supported
Secure Client-Initiated Renegotiation: Supported DoS DANGER
Insecure Client-Initiated Renegotiation: No
BEAST attack: Not mitigated server-side (SSL 3: 0x9, TLS 1.0: 0x9)
TLS compression: Yes INSECURE
RC4: Yes, but not used by modern browsers
Forward Secrecy: No NOT DESIRABLE
Next Protocol Negotiation: No
Session resumption: No (IDs assigned but not accepted)
I think all these quoted things make using SSL redundant on this page and should be dealt with ASAP.
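An added example, not part of the original post: a small Python check that parses cipher-suite lines in the layout of the report quoted above and lists why each suite should be disabled. The rule set and the names `audit`, `must_disable`, `RULES` and `NO_FS` are this example's own assumptions, and the sample lines are a constructed subset of the quoted list.

```python
import re

# Constructed sample: a subset of the suite lines from the quoted report.
REPORT = """\
SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080) INSECURE 40
SSL_CK_DES_64_CBC_WITH_MD5 (0x60040) INSECURE 56
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE 168
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
"""

# name, hex id, optional rating word, key size in bits
LINE = re.compile(r"^(?P<name>[A-Z0-9_]+) \((?P<id>0x[0-9a-f]+)\)(?: [A-Z]+)? (?P<bits>\d+)$")

NO_FS = "no forward secrecy"
# (reason, predicate on suite name); rule set is this example's assumption
RULES = [
    ("SSLv2-only suite", lambda n: n.startswith("SSL_CK_")),
    ("export-grade key", lambda n: "EXPORT" in n),
    ("single DES", lambda n: "_DES_CBC_" in n or "_DES_64_" in n),
    ("3DES (64-bit block)", lambda n: "EDE" in n),
    ("RC4 stream cipher", lambda n: "_RC4_" in n),
    ("MD5 MAC", lambda n: n.endswith("_MD5")),
    (NO_FS, lambda n: "DHE" not in n),  # neither DHE nor ECDHE key exchange
]

def audit(report):
    """Return {suite name: [reasons]} for every parseable suite line."""
    findings = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, anything not in suite layout
        reasons = [reason for reason, hit in RULES if hit(m["name"])]
        if int(m["bits"]) < 128:
            reasons.append(f"{m['bits']}-bit key")
        findings[m["name"]] = reasons
    return findings

def must_disable(findings):
    """Suites with a finding beyond missing forward secrecy."""
    return sorted(n for n, r in findings.items() if set(r) - {NO_FS})

if __name__ == "__main__":
    for name, reasons in audit(REPORT).items():
        print(f"{name}: {', '.join(reasons)}")
```

On this sample only the two AES suites survive `must_disable`, and both still lack forward secrecy.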