@thomaszbz opened this Issue on June 26th 2015

You have a C rating at Qualys. Please check out https://www.ssllabs.com/ssltest/analyze.html?d=piwik.org&hideResults=on

This looks totally insecure to me. Kick your hoster if he does not improve this.

Your certificate is valid 6 weeks from now. It would be a good idea to not only get a secure certificate but also a secure HTTPS implementation.

With Debian 8 stable, you'd easily get an A+ rating from Qualys.

I strongly encourage using the https-only strategy. Users won't even notice anything if it's done right.

Keep in mind that documentation can be security related (e.g. installation steps #8232) because MITM-compromised documentation will let users do insecure stuff.

@sgiehl commented on June 29th 2015 Member
@thomaszbz commented on June 29th 2015

I'd never give this proxy-service a private key...

This Issue was closed on June 29th 2015