Outdated cryptography

[hanginyaker]

When using google chrome i get a message that this site is using obsolete cryptographyCapture.PNG.

[seanhogge]

When using google chrome i get a message that this site is using obsolete cryptographyCapture.PNG.

On bleeding edge Chromium (the browser that Chrome is based on and updated less frequently), I show that the SSL certificate is valid, signed and uses TLS 1.0 and AES 256. While this is not the be all and end all of server-client encryption, it's plenty for a forum site. Of course, the encryption almost shouldn't matter since you're not using a forum password that matches your email or banking passwords. Which everyone is avoiding, right? We're not using our super-secure credentials to authenticate on potentially less-secure portals like forum sites and cottage vendor sites. We would never do that, because we're educated modern people. So if you're doing that, stop it immediately.

Also, that warning on that specific thread might be caused by a non-secure CDN (content delivery network). If so, you have little to worry about as there's only basic header negotiation happening there, so it's effectively one-way. As long as you're not getting scripts delivered via that CDN your risk is minimal (it's never zero).

[muckypops]

On bleeding edge Chromium (the browser that Chrome is based on and updated less frequently), I show that the SSL certificate is valid, signed and uses TLS 1.0 and AES 256. While this is not the be all and end all of server-client encryption, it's plenty for a forum site. Of course, the encryption almost shouldn't matter since you're not using a forum password that matches your email or banking passwords. Which everyone is avoiding, right? We're not using our super-secure credentials to authenticate on potentially less-secure portals like forum sites and cottage vendor sites. We would never do that, because we're educated modern people. So if you're doing that, stop it immediately.

Also, that warning on that specific thread might be caused by a non-secure CDN (content delivery network). If so, you have little to worry about as there's only basic header negotiation happening there, so it's effectively one-way. As long as you're not getting scripts delivered via that CDN your risk is minimal (it's never zero).

What he said.... thanks for handling that. I was just composing my reply when yours popped up. Great work.

[seanhogge]

What he said.... thanks for handling that. I was just composing my reply when yours popped up. Great work.

'Tweren't no trouble, sir. Glad to see another techhead 'round here.