DNS failover to Newtotse

  1. #61
    Lanny Bird of Courage
    Originally posted by -SpectraL Your site needs to support a cipher that is available in Windows XP, which is why you are getting the cipher suite mismatch. Your SSL Labs test report lists the following ciphers:

    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) ECDH secp256r1 (eq. 3072 bits RSA) FS 112
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14) ECDH secp256r1 (eq. 3072 bits RSA) FS 256P
    (P) This server prefers ChaCha20 suites with clients that don't have AES-NI (e.g., Android devices)

    Here are the supported TLS cipher suites in Windows XP/Server 2003.

    TLS_RSA_WITH_RC4_128_MD5
    TLS_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_DES_CBC_SHA
    TLS_DHE_DSS_WITH_DES_CBC_SHA
    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
    TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
    TLS_RSA_EXPORT_WITH_RC4_40_MD5
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
    TLS_RSA_WITH_NULL_MD5
    TLS_RSA_WITH_NULL_SHA
    https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512(v=vs.85).aspx

    Your site won't work from Windows XP at all. You need to add one of the supported suites if you want to support Windows XP. The one most commonly used seems to be the aforementioned TLS_RSA_WITH_3DES_EDE_CBC_SHA.

    Honestly that list of suites looks pretty garbage. It's all DES or variants or RC4 which are both considered broken. If you're actually security conscious you should not be using browsers on a system that can't field secure SSL.
  2. #62
    Lanny Bird of Courage
    Originally posted by Helladamnleet As you can see from the SSL test, New Totse is actually MORE secure than NiS

    Do you understand how this "report" is generated?
  3. #63
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Lanny Honestly that list of suites looks pretty garbage. It's all DES or variants or RC4 which are both considered broken. If you're actually security conscious you should not be using browsers on a system that can't field secure SSL.

    Nonetheless, there are a reported 140 million boxes still using it.
  4. #64
    Originally posted by -SpectraL Nonetheless, there are a reported 140 million boxes still using it.

    I bet that's largely in applications like industrial controls, retail checkouts, telemetry systems, and the like.

    It's somewhat rare to hear of a lonely Windows XP user in the wild.

    Why don't you just install Linux?
  5. #65
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Issue313 I bet that's largely in applications like industrial controls, retail checkouts, telemetry systems, and the like.

    It's somewhat rare to hear of a lonely Windows XP user in the wild.

    Why don't you just install Linux?

    I've tried every operating system there is. I find XP to be the strongest, fastest, and most trouble-free. You keep a good rule-based firewall running, no port gets opened, no process gets started, no files get created, no files get deleted, unless approved through the enhancements. I do use KNOPPIX sometimes, for its convenience, since you don't even need a hard drive to run it, but that's about it.
  6. #66
    WE SMOOTH African Astronaut
    Originally posted by -SpectraL I've tried every operating system there is. I find XP to be the strongest, fastest, and most trouble-free. You keep a good rule-based firewall running, no port gets opened, no process gets started, no files get created, no files get deleted, unless approved through the enhancements. I do use KNOPPIX sometimes, for its convenience, since you don't even need a hard drive to run it, but that's about it.

    Weak ass nigga.. tell me this.. are you using a static public IP on your computer? Gay ass nigga..
  7. #67
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by WE SMOOTH Weak ass nigga.. tell me this.. are you using a static public IP on your computer? Gay ass nigga..

    Yus.
  8. #68
    Originally posted by -SpectraL I've tried every operating system there is. I find XP to be the strongest, fastest, and most trouble-free. You keep a good rule-based firewall running, no port gets opened, no process gets started, no files get created, no files get deleted, unless approved through the enhancements. I do use KNOPPIX sometimes, for its convenience, since you don't even need a hard drive to run it, but that's about it.

    Cool, whatever works for you.
  9. #69
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Issue313 Cool, whatever works for you.

    The last time I had to set up XP on this machine was 7 years ago. Not a single issue the entire time. Now that's trouble-free!
  10. #70
    Lanny Bird of Courage
    Originally posted by -SpectraL Nonetheless, there are a reported 140 million boxes still using it.

    Where are you getting this stat from? I'm not particularly saying it's wrong (although it does seem a bit high) but there are a lot of methodological issues in figuring out exactly how many computers running an OS. Dynamic IPs make actual box counts from website usage logs almost meaningless, lifespan estimation is almost meaningless in the developing world, everyone assumes <stats aggregator website that has numbers I like> somehow magically has unbiased usage logs when logging methodologies are almost never disclosed or abysmal when they are.

    Not that it really matters though, even if usage of insecure technology is pervasive supporting it in SSL (a technology with the express and singular purposes of security) is meaningless.

    You'll note I'm actually defending HDL's setup here. The main reason the Qualys doesn't consider the NiS SSL "A" grade (whatever that's supposed to mean) is because I chose to support older suites on the premise that modern browsers will never prefer weaker ones and in the situation where no "strong" suite is available it's better to permit a "weak" but unbroken suite than deny service. It's perfectly reasonable, however, to make the opposite decision as HDL has (well I mean Cloudflare made that decision for him but w/e).
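The suite mismatch from post #61 and the trade-off described in post #70, modelled as an added example (not code from any poster or from either site): suite selection is treated as an ordered intersection of the two lists quoted in the thread. The `MODERN` client offer and the `NEVER` filter are constructed assumptions, and the model ignores protocol version and certificate key type (a `TLS_RSA_*` suite needs an RSA certificate, while every suite in the quoted report is ECDSA-authenticated).

```python
# Added example: TLS cipher-suite selection modelled as ordered list intersection.
# Suite names are copied from the two lists quoted in post #61.
SERVER = ["TLS_ECDHE_ECDSA_WITH_" + s for s in (
    "AES_128_GCM_SHA256 AES_128_CBC_SHA256 AES_128_CBC_SHA "
    "AES_256_GCM_SHA384 AES_256_CBC_SHA384 AES_256_CBC_SHA "
    "3DES_EDE_CBC_SHA CHACHA20_POLY1305_SHA256").split()]
XP = ["TLS_" + s for s in (
    "RSA_WITH_RC4_128_MD5 RSA_WITH_RC4_128_SHA RSA_WITH_3DES_EDE_CBC_SHA "
    "DHE_DSS_WITH_3DES_EDE_CBC_SHA RSA_WITH_DES_CBC_SHA "
    "DHE_DSS_WITH_DES_CBC_SHA RSA_EXPORT1024_WITH_RC4_56_SHA "
    "RSA_EXPORT1024_WITH_DES_CBC_SHA DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "
    "RSA_EXPORT_WITH_RC4_40_MD5 RSA_EXPORT_WITH_RC2_CBC_40_MD5 "
    "RSA_WITH_NULL_MD5 RSA_WITH_NULL_SHA").split()]
LEGACY = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"  # the suite post #61 suggests adding
# Constructed offer for a current browser (assumption, not from the thread).
MODERN = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", LEGACY]
# Assumed policy: name fragments of suites never worth enabling.
NEVER = ("NULL", "EXPORT", "RC4", "RC2", "_DES_")

def negotiate(server_pref, client_offer, honor_server_order=True):
    """Pick the first shared suite; None models a handshake_failure alert."""
    shared = set(server_pref) & set(client_offer)
    order = server_pref if honor_server_order else client_offer
    return next((s for s in order if s in shared), None)

def legacy_candidates(client_offer, never=NEVER):
    """Client suites left once the NEVER fragments are filtered out."""
    return [s for s in client_offer if not any(m in s for m in never)]

def audit(server_pref, clients):
    """Map each client name to the suite it would end up with."""
    return {name: negotiate(server_pref, offer) for name, offer in clients.items()}

if __name__ == "__main__":
    clients = {"xp": XP, "modern": MODERN}
    print("strict    :", audit(SERVER, clients))
    print("permissive:", audit(SERVER + [LEGACY], clients))
    print("XP suites that survive the filter:", legacy_candidates(XP))
```

With the legacy suite appended last and server order honoured, the modern client's result is unchanged; passing `honor_server_order=False` shows the selection then depends on how the client orders its offer.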
  11. #71
    Sophie Pedophile Tech Support
    Originally posted by Lanny You'll note I'm actually defending HDL's setup here. The main reason the Qualys doesn't consider the NiS SSL "A" grade (whatever that's supposed to mean) is because I chose to support older suites on the premise that modern browsers will never prefer weaker ones and in the situation where no "strong" suite is available it's better to permit a "weak" but unbroken suite than deny service. It's perfectly reasonable, however, to make the opposite decision as HDL has (well I mean Cloudflare made that decision for him but w/e).

    That's the most sense anyone has made in this thread yet.
  12. #72
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Sophie That's the most sense anyone has made in this thread yet.

    Don't encourage him. He's supposed to be taking a break from this kind of shit.
  13. #73
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL Don't encourage him. He's supposed to be taking a break from this kind of shit.

    How'd you get that idea?
  14. #74
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Sophie How'd you get that idea?

    He doesn't work weekends anymore.
  15. #75
    WE SMOOTH African Astronaut
    Originally posted by -SpectraL Yus.

    Just proved you don't know shit about computers nigga.
  16. #76
    Helladamnleet African Astronaut [impartially tyrannize that lentinus]
    Originally posted by Lanny Where are you getting this stat from? I'm not particularly saying it's wrong (although it does seem a bit high) but there are a lot of methodological issues in figuring out exactly how many computers running an OS. Dynamic IPs make actual box counts from website usage logs almost meaningless, lifespan estimation is almost meaningless in the developing world, everyone assumes <stats aggregator website that has numbers I like> somehow magically has unbiased usage logs when logging methodologies are almost never disclosed or abysmal when they are.

    Not that it really matters though, even if usage of insecure technology is pervasive supporting it in SSL (a technology with the express and singular purposes of security) is meaningless.

    You'll note I'm actually defending HDL's setup here. The main reason the Qualys doesn't consider the NiS SSL "A" grade (whatever that's supposed to mean) is because I chose to support older suites on the premise that modern browsers will never prefer weaker ones and in the situation where no "strong" suite is available it's better to permit a "weak" but unbroken suite than deny service. It's perfectly reasonable, however, to make the opposite decision as HDL has (well I mean Cloudflare made that decision for him but w/e).

    From the sounds of it you care about SSL "grade" as much as I do.
  17. #77
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by WE SMOOTH Just proved you don't know shit about computers nigga.

    Maybe that's just what I want you to think.

    *taps head cleverly*
  18. #78
    This thread is pure cringe.

    Hella can you tell us a little about your setup? Do you need to pay for Cloudflare? Was it hard to set up? What sort of hosting do you have?
  19. #79
    Helladamnleet African Astronaut [impartially tyrannize that lentinus]
    Originally posted by Issue313 This thread is pure cringe.

    Hella can you tell us a little about your setup? Do you need to pay for Cloudflare? Was it hard to set up? What sort of hosting do you have?

    What exactly would you like to know? No, Cloudflare has a free option. No, it wasn't hard to set up. I host it privately on my own connection, mainly because most web hosts seem to have redonk terms of service that I just can't have a community like Totse being a part of.
  20. #80
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Helladamnleet What exactly would you like to know? No, Cloudflare has a free option. No, it wasn't hard to set up. I host it privately on my own connection, mainly because most web hosts seem to have redonk terms of service that I just can't have a community like Totse being a part of.

    What do you have against Lanny? Care to share?