+- Dolphin, the GameCube and Wii emulator - Forums (https://forums.dolphin-emu.org)
+-- Forum: Dolphin Site (https://forums.dolphin-emu.org/Forum-dolphin-site)
+--- Forum: Site Feedback and Questions (https://forums.dolphin-emu.org/Forum-site-feedback-and-questions)
+--- Thread: SSL 3.0, RC4, DES, 3DES, MD5 and SHA-1 - Old and busted encryption (/Thread-ssl-3-0-rc4-des-3des-md5-and-sha-1-old-and-busted-encryption)
SSL 3.0, RC4, DES, 3DES, MD5 and SHA-1 - Old and busted encryption - Oehr - 10-16-2014
https://www.ssllabs.com/ssltest/analyze.html?d=dolphin-emu.org
Obsolete SSL 3.0, without TLS as an alternative, along with the recent announcement of the POODLE attack, the website really needs a HTTPS upgrade:
Please disable SSL 3.0 entirely (to block downgrading from TLS) and add TLS 1.0 through 1.2 instead.
As for ciphers: All ciphers using RC4, DES, 3DES or MD5 (or a combination of those) are also considered broken and obsolete, so I suggest using only secure ciphers (that may also support perfect forward secrecy) whenever possible!
The certificate also needs an upgrade, as its still signed with SHA-1, which is also considered broken. Please do not just sign it again: Generate a new and longer key and sign that with SHA-2 (or SHA-3)
RE: SSL 3.0, RC4, DES, 3DES, MD5 and SHA-1 - Old and busted encryption - mbc07 - 10-16-2014
We already have a thread about that: https://forums.dolphin-emu.org/Thread-bad-ssllabs-report-for-dolphin-emu-org
Closed.