
SSL configuration issues with FileMaker Community website

Discussion created by isvsecwatch on Sep 18, 2015

The FileMaker Community website has several issues with its SSL configuration:

  1. Bad cipher ordering, preferring static, older ciphers over the preferred ephemeral ECDHE ciphers. This means that most clients will not select the latter, and that the site will not provide Forward Secrecy even though technically capable of doing so.
  2. The RC4 cipher is still active, even though it is widely considered weak and is being actively deprecated across the industry. In a few weeks, the SSL Server Test will give any site with RC4 an 'F', the lowest possible rating.

For further details, see the SSL Server Test results:

https://www.ssllabs.com/ssltest/analyze.html?d=community.filemaker.com

Please review your Apache configuration, and make the appropriate changes.
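
The two findings in the post above can be checked mechanically against a server's cipher preference list. The following is an added example, not part of the original post: it assumes OpenSSL-style suite names listed in server-preference order, and both sample lists are constructed for illustration, not taken from the site.

```python
"""Audit a cipher preference list for RC4 and for static suites ranked above ephemeral ones."""

# Constructed sample lists (OpenSSL names, most-preferred first); not the real site's data.
SAMPLE_WEAK = [
    "RC4-SHA",
    "AES128-SHA",
    "AES256-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA",
]
SAMPLE_FIXED = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA",
    "AES128-SHA",
]


def is_forward_secret(suite):
    # Ephemeral key exchange: ECDHE/DHE (EDH is OpenSSL's legacy spelling).
    # OpenSSL's TLS 1.3 names start with "TLS_" and are always ephemeral.
    return suite.startswith(("ECDHE-", "DHE-", "EDH-", "TLS_"))


def uses_rc4(suite):
    # Match RC4 as a whole name component, e.g. RC4-SHA or ECDHE-RSA-RC4-SHA.
    return "RC4" in suite.upper().split("-")


def audit(preference):
    """Return a list of (finding, offending_suites) tuples; empty means clean."""
    findings = []
    rc4 = [s for s in preference if uses_rc4(s)]
    if rc4:
        findings.append(("rc4-enabled", rc4))
    fs_positions = [i for i, s in enumerate(preference) if is_forward_secret(s)]
    if not fs_positions:
        # The server cannot offer Forward Secrecy to any client.
        findings.append(("no-forward-secrecy", list(preference)))
        return findings
    # Static suites ranked above an ephemeral suite win the negotiation
    # for clients that support both, so Forward Secrecy is lost in practice.
    last_fs = fs_positions[-1]
    ahead = [s for s in preference[:last_fs] if not is_forward_secret(s)]
    if ahead:
        findings.append(("static-before-ephemeral", ahead))
    return findings


if __name__ == "__main__":
    for name, prefs in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(name, audit(prefs))
```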
