bbaraniec
Mar 31, 2015 Luminary
Apache and openssl version RAIDiator 4.2.27.
Hi, could anyone please tell me what the versions of Apache and OpenSSL are in RAIDiator 4.2.27? Thank you in advance.
bbaraniec
Apr 01, 2015 Luminary
I was playing yesterday with https://www.ssllabs.com/ssltest.
With default settings I'm getting grade F!
With only one line of adjustments my grade was bumped to B.
This server does not mitigate the CRIME attack. Grade capped to B.
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
The only thing I can improve is to generate a new certificate with SHA2. The rest is limited by software.
Furthermore, I can't use ECDH because it requires at least TLSv1.1.
Therefore, a suggestion: improve Apache security out of the box (disable NULL, aNULL, eNULL, DES3, MD5, maybe even RC4), and I hope we can get the attention of Jedi so that updating Apache and OpenSSL to a decent version will at least be discussed.
- Thoto Sep 09, 2015 Tutor
Just installed 4.2.28[T6] on my pro pioneer.
Testing again at https://www.ssllabs.com showed that SSLv3 is STILL ACTIVATED, while the release notes stated that it was disabled to cure the POODLE vulnerability.
I won't elaborate on the various other security holes reported (insecure Diffie-Hellman (DH) key exchange parameters (Logjam), 512-bit export suites (FREAK attack), no support for secure renegotiation...).
I think we need a security update as quickly as possible.
By the way, modern browsers are starting to refuse connections to servers that offer that kind of vulnerability.
For me, it's a major flaw for a cloud NAS.
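A static check for the weaknesses raised in this thread (SSLv3 still enabled; NULL, aNULL, eNULL, 3DES, MD5, RC4 and export suites; TLS compression), added here as an example that is not from the posters or from NETGEAR. The function names and both sample configurations are constructed, the protocol handling is a simplified model of Apache's `SSLProtocol` directive, and a cipher group counts as excluded only when the `SSLCipherSuite` string bans it with `!`.

```python
import re

# Added example; audit_mod_ssl and both sample configs are constructed here.
# OpenSSL cipher-string keywords for the suites named in the thread.
WEAK_GROUPS = {"NULL/eNULL": {"NULL", "eNULL"}, "aNULL": {"aNULL"},
               "3DES": {"3DES"}, "MD5": {"MD5"}, "RC4": {"RC4"},
               "EXPORT": {"EXP", "EXPORT"}}
KNOWN_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

WEAK_SAMPLE = ("SSLProtocol all -SSLv2\n"
               "SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+EXP\n"
               "# SSLCompression off\nSSLCompression on\n")
HARDENED_SAMPLE = ("SSLProtocol all -SSLv2 -SSLv3\n"
                   "SSLCipherSuite HIGH:!aNULL:!eNULL:!3DES:!MD5:!RC4:!EXP\n"
                   "SSLCompression off\n")

def directive(conf, name):
    """Argument string of the last uncommented occurrence, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", conf, re.M | re.I)
    return hits[-1] if hits else None

def enabled_protocols(arg):
    """Simplified model: 'all' and bare/+ tokens add, '-' tokens remove."""
    enabled = set()
    for tok in arg.split():
        name = tok.lstrip("+-")
        names = KNOWN_PROTOCOLS if name.lower() == "all" else [name]
        if tok.startswith("-"):
            enabled -= set(names)
        else:
            enabled |= set(names)
    return enabled

def audit_mod_ssl(conf):
    """Return findings for the weaknesses the thread lists."""
    findings = []
    proto = directive(conf, "SSLProtocol")
    if proto is None:
        findings.append("SSLProtocol not set: build default applies")
    else:
        enabled = enabled_protocols(proto)
        findings += [f"{p} enabled" for p in ("SSLv2", "SSLv3") if p in enabled]
    ciphers = directive(conf, "SSLCipherSuite") or ""
    banned = {t[1:] for t in re.split(r"[:, ]+", ciphers) if t.startswith("!")}
    for label, aliases in WEAK_GROUPS.items():
        if not aliases & banned:  # conservative: require an explicit '!'
            findings.append(f"{label} not excluded with '!'")
    if (directive(conf, "SSLCompression") or "").lower() == "on":
        findings.append("SSLCompression on (CRIME)")
    return findings
```

Calling `audit_mod_ssl(WEAK_SAMPLE)` lists every finding for the constructed weak configuration, while `audit_mod_ssl(HARDENED_SAMPLE)` returns an empty list.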