HTTPS RC4 and Camellia


4 replies to this topic

#1 Lemming

Lemming

    Rubber Ducky

  • Vestrum
  • Pip
  • 7 posts

Posted 21 October 2014 - 17:47

Hi there,

 

I've problems using this forum with https. My Firefox is configured to ignore ciphers with RC4 and that seems to be the problem...

"ssl_error_no_cypher_overlap" is the error I've got.

 

Taking a look into about:config reveals that Camellia seems to be off by default. Setting it to true makes this site work again.

camellia.png

 

sslscan shows the supported ciphers:

  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA

  Prefered Server Cipher(s):
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA

In short, for all Firefox users: disable RC4(!!) and switch to Camellia

 

Question for the staff: RC4 because of old browsers?

 


  • DiskJunky and subsevid like this
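The failure described in post #1, worked through as an added example (not code from any poster in this thread): it parses the sslscan listing above and intersects it with a client offer that has RC4 disabled, with and without Camellia. The two client cipher lists are constructed for illustration and are not Firefox's actual defaults.

```python
import re

# sslscan listing exactly as posted in the thread above.
SSLSCAN_OUTPUT = """\
  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA

  Prefered Server Cipher(s):
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA
"""

ACCEPTED = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+) bits\s+(\S+)\s*$")

def accepted_ciphers(report):
    """Return [(protocol, bits, cipher)] for every 'Accepted' line."""
    hits = (ACCEPTED.match(line) for line in report.splitlines())
    return [(m[1], int(m[2]), m[3]) for m in hits if m]

def is_rc4(cipher):
    return "RC4" in cipher.split("-")

def overlap(server, client_offer):
    """Server-accepted suites the client also offers, in server listing order."""
    offered = set(client_offer)
    return [c for _, _, c in server if c in offered]

# Assumption: constructed client offers (OpenSSL-style names), RC4 already removed.
CLIENT_NO_RC4 = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
                 "AES128-SHA", "AES256-SHA"]
CLIENT_NO_RC4_CAMELLIA = CLIENT_NO_RC4 + ["CAMELLIA128-SHA", "CAMELLIA256-SHA"]

def audit(report):
    server = accepted_ciphers(report)
    names = [c for _, _, c in server]
    return {
        "rc4": [c for c in names if is_rc4(c)],
        # Empty list here is what the browser reports as "no cipher overlap".
        "no_rc4_overlap": overlap(server, CLIENT_NO_RC4),
        "camellia_overlap": overlap(server, CLIENT_NO_RC4_CAMELLIA),
        # Forward-secret (ECDHE/DHE) suites that do not depend on RC4.
        "forward_secret_without_rc4": [c for c in names
            if c.startswith(("ECDHE-", "DHE-")) and not is_rc4(c)],
    }

if __name__ == "__main__":
    print(audit(SSLSCAN_OUTPUT))
```

The last entry shows a side effect of the workaround: the only forward-secret suite the server accepts is an RC4 one, so the Camellia suites that remain use plain RSA key exchange.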

#2 Morten

Morten

    RTG Programmer

  • RTG Staff
  • 1058 posts
  • Location: Oslo, Norway

Posted 21 October 2014 - 18:26

We're currently using the SSL that came with our hosting agreement.

At the moment there is no way for us to quickly alter the cipher of our certificate, so we will have to take a look at this at a later time.

 

For now, I guess Firefox users should follow Lemming's suggestion and disable RC4 while switching to Camellia. :)

 

 

Thanks for bringing this to our attention.


  • DiskJunky likes this

Red Thread Games PR0grammer & Naturally Selected Part-Time "Keep Track of Forum"-person / Community Overseer


#3 sansnom

sansnom

    Rubber Ducky

  • Minstrum
  • Pip
  • 1 posts
  • Location: Marseille, France

Posted 24 October 2014 - 16:39

"At the moment there is no way for us to quickly alter the cipher of our certificate, so we will have to take a look at this at a later time."

 

Really? Pretty damn simple in Apache to do so! If I were you I would use the cipher list from Mozilla: https://wiki.mozilla...Server_Side_TLS

 

There is even a tool to create the configuration: https://mozilla.gith...nfig-generator/ (Same thing, if I were you, I would go with: Apache, Intermediate and no HSTS).

 

Or maybe you don't have control over your Apache configuration. In this case, too bad!

 

Note: It's the cipher used by the protocols TLS/SSL (it's not related to your SSL certificate).



#4 khh

khh

    Harbinger of the Balance

  • Moderator
  • 7107 posts
  • Location: Norway

Posted 24 October 2014 - 16:54

You're assuming that they're running a dedicated server, and not using a hosting service. I don't know which it is, but if it's the latter that would explain the problems.


April Ryan is my friend,
Every sorrow she can mend.
When I visit her dark realm,
Does it simply overwhelm.


#5 Morten

Morten

    RTG Programmer

  • RTG Staff
  • 1058 posts
  • Location: Oslo, Norway

Posted 24 October 2014 - 16:59

As khh mentioned, we are indeed using a hosting service.

As soon as I have the time I will contact our service provider to find out what we can change to fix this issue. As of now, we're kind of limited to what is provided to us by the service. :)


  • Tina, khh and DiskJunky like this

Red Thread Games PR0grammer & Naturally Selected Part-Time "Keep Track of Forum"-person / Community Overseer




