welcome: please sign in

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment
Last name of the current Debian Project Leader

Edit

HeartBleedAfterMath

1. Heartbleed Aftermath

Fortunately HCoop wasn't hit by the OpenSSL Heartbleed bug. However this perhaps is an opportunity for some spring clean up.

These reports do not look good:

(Warning: their analyzer may need to run, and you might need to wait a while to see the actual report.)

Here's the status of navajos: it gets an F per the above SSL Labs report, because:

Deleuze is particularly problematic, because:

Since deleuze is scheduled to be decommissioned, we might want to focus on the remaining problems.

1.1. CA Certification

Problem: Browsers do not trust HCoop's self-signed certificate. Potential members might be scared away by big honking browser warnings. We might want to get a "proper" CA-signed certificate; perhaps a wildcard one. But these tend to be fairly expensive.

These are the choices at the moment, to solve the immediate problem in an inexpensive manner:

HCoop has plenty of funds on hand, opening up two other options

ClintonEbadi thinks that a Gandi wildcard certificate makes the most sense right now (easier, and providing organization information in a cert is of dubious value).

1.2. Perfect Forward Secrecy

Forward Secrecy is being advocated as a solution that offers stronger protection for private keys; evidently it is straightforward to enable with Apache.

See ticket #113.