tls – Qualys SSL Scan weak cipher suites which are secure according to ciphersuite.info

The information on ciphersuite.info is not presented in the clearest of ways. Let’s have a look at their FAQ:

What does insecure, weak, secure and recommended mean?

Weak

These ciphers are old and should be disabled if you are setting up a new server for example. Make sure to only enable them if you have a special use case where support for older operating systems, browsers or applications is required.

Secure

Secure ciphers are considered state-of-the-art and if you want to secure your web server you should certainly choose from this set. Only very old operating systems, browsers or applications are unable to handle them.

Recommended

All ‘recommended’ ciphers are ‘secure’ ciphers by definition. Recommended means that these ciphers also support PFS (Perfect Forward Secrecy) and should be your first choice if you want the highest level of security. However, you might run into some compatibility issues with older clients that do not support PFS ciphers.

So to be frank: Weak means these have problems and should be avoided at all cost. Only enable these if you know you really really have to. Secure means they’re not technically broken, but they also don’t offer any desirable features. Recommended means these are the ones you should actually use.

I would disagree with their statement about incompatibility. The only clients that do not support modern ciphers are already outdated clients and no longer supported anyways. These clients should be dropped unless you have a very good reason to support them.

Why are these ciphers in particular considered weak?

As Soufiane Tahiri pointed out in his answer, CBC ciphers and RSA ciphers are not considered state-of-the-art anymore.

CBC ciphers have quite a lot of problems, such as the mentioned Lucky 13 attack, or other side-channel attacks. CBC also violates Moxie Marlinspike’s Cryptographic Doom Principle:

If you have to perform any cryptographic operation before verifying the MAC on a message you’ve received, it will somehow inevitably lead to doom.

GCM, for instance, does not violate this principle, so it is vastly preferred.

RSA on the other hand does not support forward secrecy, which is a VERY useful feature when it comes to cryptography. Basically, with RSA, the server sends its public key, the client generates a random secret, encrypts it with the public key and sends it back to the server. The server then decrypts it with its private key. The following graphic from the Cloudflare Blog illustrates it well:

RSA Key Exchange

While this looks simple and secure, it does have one glaring weakness: If an attacker captures the initial key exchange and later gets the private key in some way, they can decrypt the previously captured traffic.

Cipher suites which support forward secrecy work in a different way. Instead of transmitting the secret over the wire, a key exchange protocol like Diffie-Hellman is used, in which the actual secret to be used is generated through mathematical means. I’ll leave it up to the reader to see how it works exactly. The advantage is that the secret is ephemeral, meaning that it exists only for one session and that’s it. Even with access to the private key and the entire communication, the secret cannot be determined. Furthermore, if the secret key used in one session is compromised, other sessions are still secure.

So what does this all mean?

In simple terms: Don’t use cipher suites that Qualys SSL scan claims to be weak. You have no advantages in doing so.
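As an added example (not part of the original answer, and not the grading logic of Qualys or ciphersuite.info), the sketch below parses IANA cipher suite names and flags the two properties the answer discusses: a key exchange without forward secrecy, and CBC mode. The function names and the sample list are constructed for illustration.

```python
EPHEMERAL_KX = {"ECDHE", "DHE"}            # key exchanges that give forward secrecy
AEAD_TOKENS = {"GCM", "CCM", "POLY1305"}   # authenticated modes (no MAC-then-encrypt)

def analyse(suite):
    """Parse an IANA cipher suite name; return (kx, forward_secrecy, reasons)."""
    name = suite[4:] if suite.startswith("TLS_") else suite
    if "_WITH_" in name:
        kx_auth, cipher = name.split("_WITH_", 1)
        kx = kx_auth.split("_")[0]         # "ECDHE_RSA" -> "ECDHE", "RSA" -> "RSA"
        forward_secrecy = kx in EPHEMERAL_KX
    else:
        # TLS 1.3 names carry no key exchange; a full TLS 1.3 handshake
        # negotiates ephemeral (EC)DHE separately from the suite.
        kx, cipher, forward_secrecy = "(EC)DHE", name, True
    tokens = set(cipher.split("_"))
    reasons = []
    if not forward_secrecy:
        reasons.append(f"{kx} key exchange: no forward secrecy")
    if "CBC" in tokens:
        reasons.append("CBC mode: padding is processed before the MAC check")
    elif not tokens & AEAD_TOKENS:
        reasons.append("not an AEAD mode")
    return kx, forward_secrecy, reasons

def audit(suites):
    """Return {suite: reasons} for every suite with at least one finding."""
    findings = {}
    for suite in suites:
        reasons = analyse(suite)[2]
        if reasons:
            findings[suite] = reasons
    return findings

# Constructed sample of suites a scan might list for a server.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE).items():
        print(suite, "->", "; ".join(reasons))
```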

ssl certificate – Apache 2 421 Misdirected request using lets encrypt/certbot

Server Ubuntu 20.04LTS
Apache Version 2.4.41

I use this server to host multiple domains (example.com, example.it).

I have created different SSL keys for both domains and all their subdomains, like xyz.example.com and xyz.example.it.

If I add a dot after the domain (example.com.) in the address bar, I get this 421 Misdirected Request error.

The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.

This is given because of this:

This server could not prove that it is example.com.; its security certificate is from xyz.example.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

I don’t understand the motivation with this SSLCertificate mismatch.
How can this be solved?

ubuntu – Certbot SSL renew give me an error message

I have automatic renewal set up for my SSL cert via Certbot.

Today, I got an error when I executed sudo certbot renew --dry-run

Here’s the message:

Attempting to renew cert (domain.ca) from /etc/letsencrypt/renewal/domain.ca.conf
produced an unexpected error: Failed authorization procedure. domain.ca (http-01):
urn:ietf:params:acme:error:connection :: The server could not connect to the client
to verify the domain :: Fetching https://domain.ca.well-known/acme-challenge/OBX6doDYpm-QwzI-1D1Fq5MHm1dTFlG99c4Gy-hLFyw:
Invalid host in redirect target "domain.ca.well-known".
Check webserver config for missing '/' in redirect target.. Skipping.

I’m pretty new to this system and I’m probably missing something here.

Can anyone help me with this, please?

Thanks a lot in advance.
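As an added example (not part of the original post), the sketch below models how a prefix-style redirect whose target lacks a trailing slash produces the host "domain.ca.well-known" seen in the error, and lints a rule for it. It assumes the web server appends the remainder of the request path verbatim to the redirect target; the function names and the TOKEN placeholder are constructed.

```python
from urllib.parse import urlsplit

# Constructed probe path; TOKEN stands in for a real challenge token.
PROBE = ".well-known/acme-challenge/TOKEN"

def prefix_redirect(prefix, target, request_path):
    """Model of a prefix-style redirect rule: the part of the request path
    after the matched prefix is appended verbatim to the target."""
    if not request_path.startswith(prefix):
        return None
    return target + request_path[len(prefix):]

def lint_redirect(prefix, target):
    """Return the problems an http-01 validation would hit with this rule."""
    problems = []
    intended_host = urlsplit(target).hostname
    location = prefix_redirect(prefix, target, prefix + PROBE)
    actual_host = urlsplit(location).hostname
    if actual_host != intended_host:
        problems.append(
            f"challenge redirected to host {actual_host!r} instead of "
            f"{intended_host!r}: add the missing '/' to the redirect target"
        )
    return problems

if __name__ == "__main__":
    # Rule as implied by the error message, then the corrected rule.
    for target in ("https://domain.ca", "https://domain.ca/"):
        print(target, "->", prefix_redirect("/", target, "/" + PROBE))
        print("   ", lint_redirect("/", target) or "ok")
```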

tls – SSL handshake – what is the purpose of the finishedClient message?

I am having some difficulty understanding why the finishedClient message is needed.

In case an attacker attempts an attack like a replay attack, it will show immediately that the attacker wasn’t able to derive the correct set of keys.

However, this would be evident even without this message as the attacker wouldn’t be able to encrypt and decrypt messages.

Is that the reason for this message, or is there another reason? What can we learn from this message that we wouldn’t have learned without it?
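As an added example (not part of the original post), the sketch below computes the client Finished value the way TLS 1.2 defines it (RFC 5246: the PRF over the master secret and a hash of all handshake messages) and shows that it binds the cleartext handshake: if the ClientHello the server received differs from the one the client sent, the check fails even though both sides hold the same keys. The message contents and the master secret are constructed stand-ins, not real wire encodings.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash with HMAC-SHA256, the expansion function of the TLS 1.2 PRF."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def verify_data(master_secret, label, handshake_msgs):
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    transcript_hash = hashlib.sha256(b"".join(handshake_msgs)).digest()
    return p_sha256(master_secret, label + transcript_hash, 12)

def server_accepts_finished(client_view, server_view, master_secret):
    """The client computes Finished over the handshake as it saw it;
    the server recomputes it over the messages it actually received."""
    sent = verify_data(master_secret, b"client finished", client_view)
    expected = verify_data(master_secret, b"client finished", server_view)
    return hmac.compare_digest(sent, expected)

# Constructed stand-ins for handshake messages (readable text, not wire format).
MASTER_SECRET = bytes(range(48))     # same 48-byte secret on both sides
CLIENT_HELLO = b"ClientHello|suites=ECDHE-GCM,RSA-CBC"
ALTERED_HELLO = b"ClientHello|suites=RSA-CBC"   # offer list changed in transit
REST = [b"ServerHello|suite=RSA-CBC", b"Certificate",
        b"ServerHelloDone", b"ClientKeyExchange"]

if __name__ == "__main__":
    print("untouched handshake accepted:",
          server_accepts_finished([CLIENT_HELLO] + REST, [CLIENT_HELLO] + REST, MASTER_SECRET))
    print("altered ClientHello accepted:",
          server_accepts_finished([CLIENT_HELLO] + REST, [ALTERED_HELLO] + REST, MASTER_SECRET))
```

In TLS 1.2 without the extended master secret extension, the master secret depends only on the premaster secret and the two random values, which is why a change to the offered cipher suite list would not show up in the keys themselves.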

$1 Unlimited Hosting | 50% Off | Free SSL

Powerful, high-speed and budget web hosting for your websites. Now host your website with us on our high-quality SSD servers. Finding fully inclusive Unlimited Shared Hosting at a good price can feel impossible and time-consuming. There are many cheap hosting providers, and many people claim to be able to offer you Unlimited Shared Hosting, but Raisinghost is the best among all.

Promo for 50% off : SPECIAL50

Why Us :

Easy and friendly control panel named cPanel
30 Day Money Back Guarantee
24/7/365 Technical Support
99.9% Uptime Guarantee
20x Times Faster Solid-State Drive Storage
MariaDB (MySQL)
Multiple PHP Versions
Daily Incremental Backups
Softaculous Auto Installer
FREE Website Builder (SitePad)
FREE Unlimited SSL Certificates (Let’s Encrypt)
Free Auto SSL
FREE cPanel/WHM Migration
Email routing through mail channels
On Demand SSH Access
and much more!

Get Deal : https://www.raisinghost.com/

Thank you.

Cheap SSD Hosting @ $1 | FREE SSL | Daily Backups | Free Migration

Now host your websites on our 20x times fast SSD servers with high resourced hosting plans. We have multiple high quality dedicated servers with best networking, and infrastructure equipment to ensure the high reliability with 99.9% uptime guarantee. No Hidden Fee also 30 days money back guarantee.

Web Hosting Plans can suit with your requirement :

>> Economy-SSD : $1/Month

Double Domain Hosting
3GBSSD Web Space
Unlimited Bandwidth
100% CPU
Unlimited Email Accounts
Unlimited Sub Domains
1 Addon Domains
Unlimited FTP Accounts
Unlimited MySql Databases
Unlimited Mailing List
99.99% uptime
Softaculous Supported

>> Value-SSD : $2/Month

Five Domain Hosting
8GBSSD Web Space
Unlimited Bandwidth
100% CPU
Unlimited Email Accounts
Unlimited Sub Domains
4 Addon Domains
Unlimited FTP Accounts
Unlimited MySql Databases
Unlimited Mailing List
99.99% uptime
Softaculous Supported

>> Deluxe-SSD : $5/Month

30 Domain Hosting
25GBSSD Web Space
Unlimited Bandwidth
100% CPU
Unlimited Email Accounts
Unlimited Sub Domains
29 Addon Domains
Unlimited FTP Accounts
Unlimited MySql Databases
Unlimited Mailing List
99.99% uptime
Softaculous Supported

>> Ultimate-SSD : $8/Month

Unlimited Domain Hosting
55GBSSD Web Space
Unlimited Bandwidth
100% CPU
Unlimited Email Accounts
Unlimited Sub Domains
Unlimited Addon Domains
Unlimited FTP Accounts
Unlimited MySql Databases
Unlimited Mailing List
99.99% uptime
Softaculous Supported

More Details : https://raisinghost.com/cheap-ssd-hosting.php

Thank you.

CHRISTMAS SALE | 60% OFF | Web Hosting | Free SSL

Enjoy 60% flat and 40% recurring discount with this Christmas 2020. It’s the right time to switch with a quality hosting provider where you will get the best resources and cheaper pricing. So now host your websites on our fast SSD server with Unlimited Hosting Plans and 24×7 technical support. Our top priority is to provide the best website hosting experience to our clients at an affordable cost starting from half dollar per month. No contracts or hidden fees also we offer a 30-day money-back guarantee.

Also, our Christmas deals will offer you high-quality services at a reasonable price and our basic plan will charge you for $4/year where you will get unlimited space and bandwidth.

Xmas and New year Promo codes:

XMAS60: 60% Flat Discount for all shared, reseller, and WordPress hosting plans
XMAS40: 40% Lifetime off for all shared, reseller, and WordPress hosting plans

Features offered with hostpoco.com:

~ CloudLinux OS
~ NVMe SSD storage
~ Apache Webserver
~ Raid-10
~ 1GB/s connection speed .
~ cPanel
~ JetBackups
~ Weekly/ Daily backups
~ Auto script installer – Softaculous Pro.
~ 99.9% uptime guarantee.
~ Cloudflare
~ SitePro Website Builder
~ Powerful Attracta SEO Tools
~ Imunify360 – Web Server Security Ultimate Solution
~ Website Templates
~ MailChannels
~ Ruby on Rails
~ ModSecurity
~ MultiPHP Manager
~ SitePad Builder
~ 30 days moneyback guarantee.
~ 24/7 Helpdesk
~ Free SSL certificates- Let’s Encrypt
~ Free site migration

More info: https://hostpoco.com/deals/

Thank you.

Stable & Fast Shared Hosting, USA Servers, Free SSL, Instant Support, $6/year

Hostbazzar.com is offering professional, budget and quality shared hosting service at a very affordable cost starting from half dollar per month. We are confident that we can provide nearly instant support to all users if they have any problem and can fix with the priority. We are available on the 24/7/365 days basis to ensure that all websites hosted with us have practically zero down time and highest uptime.

We operate on our own servers and do not share our resources (CPU, RAM, IPs, bandwidth) with any other company; we also have CloudLinux installed on our servers. Therefore we can quickly install additional software, troubleshoot any problem that happens and make the needed changes.

We also offer 30 day money back guarantee for all clients. Full unconditional refund will be given immediately for any refund request.

50% Hosting Promo : 50HB

Available Shared Hosting Plans:

> LS-HB1 : $0.5/mo

Unlimited Traffic
Unlimited Web Space
1 Site can be hosted
MySQL Database : 2
Single Click Script Installer

> LS-HB2 : $1.0/mo

Unlimited Traffic
Unlimited Web Space
2 Sites can be hosted
MySQL Database : 4
Single Click Script Installer
Shell Access Available

> LS-HB3 : $2.5/mo

Unlimited Traffic
Unlimited Web Space
10 Sites can be hosted
9 Addon Domains
MySQL Database : 15
Single Click Script Installer
Shell Access Available

> LS-HB4 : $4.5/mo

Unlimited Traffic
Free Single Domain
Unlimited Web Space
Unlimited Sites can be hosted
Unlimited Addon Domains
MySQL Database Unlimited
Single Click Script Installer
Shell Access Available

Order Now : https://hostbazzar.com/linux_shared_hosting.php

Our valuable reviews can be found : https://hostadvice.com/hosting-company/h…r-reviews/

Thank you for reading our offers!

cPanel Hosting Started from $1| Free SSL| SSD Storage| Free Migration| Free Backup

Finding fully inclusive, stable Unlimited Shared Hosting at a good price can feel impossible. Sure, there are many cheap server providers out there, and many people claim to be able to offer you Unlimited Shared Hosting, but hostbazzar.com is better than the others, as we have SSD hosting servers with high resources.

Key Features Of cheap ssd hosting:

10 Gbps DDoS Protection Available
24X7x365 Live Chat, and Technical Support 24×7
99.9% Network Uptime Guarantee
MailChannels for outgoing emails
SSD Storage
No Setup Fee
Unlimited Bandwidth
FREE site Migrations
FREE Softaculous
Daily Backups
Free SSL Certificates
30 Day Money Back Guarantee

SD-HB1 – $1/Month

5 GB SSD Space
2 Website Hosting
Free SSL Certificates
Free Migration
1 Addon domain
Unlimited Bandwidth
Unlimited Email Accounts
Daily Backup
Shell Access
Softaculous

SD-HB2 : $3/mo

20 GB SSD Space
10 Website Hosting
Free SSL Certificates
Free Migration
09 Addon domain
Unlimited Bandwidth
Unlimited Email Accounts
Daily Backup
Shell Access
Softaculous

SD-HB3 : $5/mo

50 GB SSD Space
Free Single domain registration
Unlimited Website Hosting
Free SSL Certificates
Free Migration
Unlimited Addon domain
Unlimited Bandwidth
Unlimited Email Accounts
Daily Backup
Shell Access
Softaculous

Server Location: US, France, Canada

$1 SSD Hosting – Order Now : https://hostbazzar.com/ssd_shared_hosting.php

Thanks for your valuable time.

[Dreamwebhosts] – $1 Linux Web Hosting | Free SSL & Domain

DreamWebHosts is a premium hosting provider that provides web hosting solutions of all types. We make sure your website is fast, secure, and always up so that you stay focused on what you do best. We offer everything that you need to build, host, and manage a website. Our top priority is to provide the best website hosting experience to our clients at an affordable cost.

Quote: Save 50% on Linux web hosting plans. Enter promo code DWHSTARTUP50 during checkout. Renewal would be at a regular price.

Server Locations: United States

Below is the list of SSD Hosting plans:-

Starter Plan:-
Host 1 Domain
5 GB SSD Space
50 GB Bandwidth
Free SSL Certificate
Softaculous (One-Click App Installation)
10 Databases
>>>> Price: $1.00 /month – Buy Now

Advance Plan:-
Host Multiple Domains
10 GB SSD Space
100 GB Bandwidth
Free SSL Certificate
Softaculous (One-Click App Installation)
30 Databases
>>>> Price: $2.99 /month – Buy Now

Ultimate Plan:-
Host Unlimited Domains
Free Domain (For Annual Subscription)
25 GB SSD Space
Unlimited Bandwidth
Free SSL Certificate
Softaculous (One-Click App Installation)
Unlimited Databases
>>>> Price: $4.99 /month – Buy Now

Free Add-ons provided with all plans:-

SSL Certificate

  • Sectigo Domain SSL – $7.80 /yr
  • Let’s Encrypt SSL – Free


Website Backup Service
Contact us: (email protected)
Payment Methods: Paypal, Credit Card and Master Card
Billing and Guarantee: No contracts or hidden fees. We even offer a 30-day money-back guarantee.
__________________
DreamWebHosts | Best And Affordable Web Hosting Provider
Hosting: Shared | Reseller
VPS Server: Linux VPS | DirectAdmin VPS | Plesk VPS | cPanel VPS | Storage VPS
Addons: Block Storage | SSL Certificates

Dreamwebhosts is Best and affordable Web Hosting Provider. Get Unlimited Space, Bandwidth, Free Domain, SSL, 24×7 Support and 30 days Money Back.