[SAC] Another SSL patch

Alex_M · May 20, 2015, 6:49am

Instructions for a fix and tester on
https://weakdh.org/sysadmin.html

Full story
http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/

Fix looks pretty straightforward.

Thanks,
--
Alex Mandel, PhD

Geography Graduate Group
University of California, Davis
http://geography.ucdavis.edu

Martin_Spott · May 21, 2015, 12:08pm

Hi all,

I chose the OSGeo Wiki as a testbed for improving TLS configuration on
Debian 6, please check if your browser still allows to log into the
Wiki via the encrypted page:

https://wiki.osgeo.org/index.php?title=Special:UserLogin

If nobody complains until Friday evening, then I'll port this config
over to all known OSGeo servers.

Fix looks pretty straightforward.

.... well, at least at the first glance

Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Alex_M · May 23, 2015, 12:10am

On 05/21/2015 05:08 AM, Martin Spott wrote:

Hi all,

I chose the OSGeo Wiki as a testbed for improving TLS configuration on
Debian 6, please check if your browser still allows to log into the
Wiki via the encrypted page:

https://wiki.osgeo.org/index.php?title=Special:UserLogin

If nobody complains until Friday evening, then I'll port this config
over to all known OSGeo servers.

Fix looks pretty straightforward.

.... well, at least at the first glance

Cheers,
Martin.

I got a complaint from Cameron today. Maybe he can provide more details.

Thanks,
Alex

Alex_M · May 23, 2015, 3:07am

On 05/22/2015 05:20 PM, Cameron Shorter wrote:

Hi,
Details of issue I've just discovered:

Go to any OSGeo wiki page.
Try to log in. You probably won't be able to do this.
If you can, try to edit a wiki page. You will probably get an error
message “This webpage has a redirect loop”

Warm regards, Cameron

On 23/05/2015 10:10 am, Alex Mandel wrote:

On 05/21/2015 05:08 AM, Martin Spott wrote:

Hi all,

I chose the OSGeo Wiki as a testbed for improving TLS configuration on
Debian 6, please check if your browser still allows to log into the
Wiki via the encrypted page:

https://wiki.osgeo.org/index.php?title=Special:UserLogin

If nobody complains until Friday evening, then I'll port this config
over to all known OSGeo servers.

Fix looks pretty straightforward.

.... well, at least at the first glance

Cheers,
Martin.

I got a complaint from Cameron today. Maybe he can provide more details.

Thanks,
Alex