[BlueOnyx:18540] Re: SSL Help please

Michael Stauber mstauber at blueonyx.it
Sun Oct 18 21:03:34 -05 2015


Hi Colin,

> Cert comes up as valid but …
> 
> Your connection to london.co.uk is encrypted using an obsolete cipher suite. 
> Further, this page includes other resources which are not secure. 
> These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
> 
> The connection uses TLS 1.0.
> 
> The connection is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

Yeah, two things here: TLS 1.0 really limits our options. The other
problem is that SHA1 for certs or intermediates is starting to get the
red flag. I'm not sure if browsers have already started to flag these as
invalid, or if that is still planned for the close future. If it has not
already happened, it'll happen soon.

So my suggestion would be to get another SSL certificate. When you
generate the cert request for it, clean out your /certs directory to
start with a fresh private key for the SSL certificate (just in case).
Once you get a new cert, you'll also get fresh intermediates. If they
still hand you a SHA1 intermediate, then it's likely that the SSL vendor
sucks. :p

-- 
With best regards

Michael Stauber
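The browser warning quoted above boils down to two server-side settings: the protocol floor (TLS 1.0) and the cipher list (CBC with HMAC-SHA1). The following is an added example and not code from this thread or from BlueOnyx; it uses only Python's standard `ssl` module and the `openssl ciphers -v` description format to show what a hardened server context refuses and why the reported suite is flagged. The sample suite lines are constructed for illustration, and `weak_suite_reasons`, `hardened_server_context` and `offered_weak_suites` are names chosen here.

```python
"""Audit TLS cipher suites the way the browser warning in the thread does.

Added example (not BlueOnyx or thread code). Works offline: it classifies
OpenSSL-style suite descriptions and builds a server context that refuses
TLS 1.0/1.1 and non-AEAD (CBC / HMAC-SHA1) suites.
"""
from __future__ import annotations

import re
import ssl
from typing import Dict, List

# Constructed sample lines in `openssl ciphers -v` output format.
# The first one is the suite the browser reported in the thread:
# AES_256_CBC with HMAC-SHA1 and DHE_RSA key exchange.
SAMPLE_SUITES = [
    "DHE-RSA-AES256-SHA          SSLv3   Kx=DH   Au=RSA Enc=AES(256)    Mac=SHA1",
    "ECDHE-RSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128)    Mac=SHA256",
    "AES256-SHA256               TLSv1.2 Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD",
]

# Parses the Kx= / Au= / Enc= / Mac= fields of a suite description.
_FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")


def weak_suite_reasons(description: str) -> List[str]:
    """Return the reasons a suite description is obsolete (empty list = fine)."""
    fields = dict(_FIELD.findall(description))
    reasons: List[str] = []
    if fields.get("Mac") == "SHA1":
        reasons.append("HMAC-SHA1 message authentication")
    if fields.get("Mac") != "AEAD":
        # Anything that is not AEAD here is a CBC-mode MAC-then-encrypt suite.
        reasons.append("non-AEAD (CBC mode) record protection")
    if fields.get("Kx") == "RSA":
        reasons.append("static RSA key exchange (no forward secrecy)")
    return reasons


def audit_suites(descriptions: List[str]) -> Dict[str, List[str]]:
    """Map suite name -> reasons, for every suite that has at least one reason."""
    report: Dict[str, List[str]] = {}
    for line in descriptions:
        name = line.split()[0]
        reasons = weak_suite_reasons(line)
        if reasons:
            report[name] = reasons
    return report


def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses TLS 1.0/1.1 and every CBC/SHA1 suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only ephemeral ECDH key exchange with AEAD ciphers; no CBC, no HMAC-SHA1.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def offered_weak_suites(ctx: ssl.SSLContext) -> Dict[str, List[str]]:
    """Run the audit over what the context would actually offer to clients."""
    return audit_suites([c["description"] for c in ctx.get_ciphers()])


if __name__ == "__main__":
    for name, reasons in audit_suites(SAMPLE_SUITES).items():
        print(f"{name}: {'; '.join(reasons)}")
    ctx = hardened_server_context()
    print("hardened context minimum:", ctx.minimum_version.name)
    print("weak suites still offered:", offered_weak_suites(ctx) or "none")
```

`offered_weak_suites` reads the same `description` strings that `openssl ciphers -v` prints, so the classifier can be pointed at a real Apache `SSLCipherSuite` string by running it through `openssl ciphers -v '<string>'` and feeding the lines to `audit_suites`. The other half of the thread's advice, a SHA1-signed certificate or intermediate, is a separate check: `openssl x509 -noout -text -in cert.pem` prints the `Signature Algorithm` line for each file in the chain.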