@RichFelker The news here is it effects any key that is used by such a server, and that 1/3rd of the servers they saw were effected.
Am I missing something? Sounds like only misconfigured servers still supporting SSLv2 are affected.https://twitter.com/matthew_d_green/status/704658092689121282 …
-
-
-
@pikhq Which leads to another question - why is anyone sharing a key between multiple servers?? -
@RichFelker Because it lets them spend less money on certs. Sigh. -
@pikhq Yeah, because N@letsencrypt certs cost N times as much as one@letsencrypt cert...
End of conversation
New conversation -
-
-
@RichFelker or servers that share a cert with another server supporting ssl2. the surprising thing is: this adds up to 1/3 of https servers -
@hanno Wow that's awful. Why is *any* server still supporting SSLv2? Or SSL at all?
End of conversation
New conversation -
-
-
@stribika Even if you also disable all the insecure ciphers?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.