piwik.org https implementation is insecure #8233
Labels
duplicate
For issues that already existed in our issue tracker and were reported previously.
Comments
sgiehl
added
the
duplicate
|
See #7598 and isvsecwatch/httpstracker#22 |
|
I'd never give this proxy-service a private key... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You have a C rating at qualys. Please check out https://www.ssllabs.com/ssltest/analyze.html?d=piwik.org&hideResults=on
This looks totally insecure to me. Kick your hoster if he does not improve this.
Your certificate is valid 6 weeks from now. It would be a good idea to not only get a secure certificate but also a secure HTTPS implementation.
With Debian 8 stable, you'd easily get an A+ rating from qualys.
I strongly encourage to use the https-only strategy. User's won't even notice anything if it's done right.
Keep in mind that documentation can be security related (e.g. installation steps #8232) because MITM-compromised documentation will let users do insecure stuff.
The text was updated successfully, but these errors were encountered: