Last modified: 2012-02-20 20:12:22 UTC
We received a set of suggestions on OTRS about how the secure server should be improved. The user linked to the security tester (given in bug URL). I am not allowed to disclose the text of the email (#2011021210007633), but here is a brief summary of the suggestions:
* Disable SSL2 since it is vulnerable,
* Use at least 2048 bits for our RSA key,
* Serve images through SSL (we already have a bug for it).
(In reply to comment #0)
> * Disable SSL2 since it is vulnerable,
I believe this is bug 24332.
> * Serve images through SSL (we already have a bug for it).
Bug 16822 and possibly another one I can't find atm.
Should we turn this into a tracking bug then?
I have split SSLv2 off to bug 29014 and am making this bug report about the RSA key length, so we have individual bug reports blocking the secure server tracking bug.
secure.wikimedia.org is now obsolete. We support SSL connections using the usual DNS entry such as https://en.wikipedia.org/
SSL2 is disabled.
We use a 2048-bit RSA cert.
Images are served with HTTPS whenever needed.