Topic: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

According to Calomel. Is anyone else able to reproduce this?

Re: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

Haven't tried to reproduce, but have seen some of those assessments before.   

We're using an ECDHE method which supports PFS (perfect forward secrecy) which is the best standard in browser crypto to our knowledge. Encrypted Google uses this, Wikipedia too. Smaller bit lengths via DHE methods are harder to crack than longer keys via other methods as well. PFS is the best protection against general surveillance because even if you capture the data, it's hard to decrypt since there's not a single private key to figure out.

Are there other options for PFS at least supported in Chromium? We could switch but we believe the current configuration is the strongest available (that's not horribly inefficient/slow).

Re: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

The issue has been resolved. Firefox Beta Channel has finally allowed the Calomel SSL access to more in-depth certificate information. It now recognizes your PFS implementation and gives you a higher score. Your current cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA. My recommendation is to test out TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as a compromise between maximum security and speed.
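
The two suite names in the post above share the key exchange and differ only in the bulk cipher. The following is an added example, not part of the original thread: it splits TLS 1.0-1.2 style suite names into their parts and reports what changes between two of them. The function names `parse_suite` and `diff_suites` are made up for this illustration.

```python
# Added example: decompose IANA-style TLS 1.0-1.2 cipher suite names.
BLOCK_MODES = {"CBC", "GCM", "CCM"}
STREAM_CIPHERS = {"RC4"}
EPHEMERAL_KX = {"ECDHE", "DHE"}  # per-session keys, hence forward secrecy


def parse_suite(name):
    """Split TLS_<kx>[_<auth>]_WITH_<cipher...>_<hash> into its parts."""
    head, sep, tail = name.partition("_WITH_")
    if not sep or not head.startswith("TLS_"):
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no _WITH_ part
        # and do not name a key exchange at all.
        raise ValueError(f"not a TLS 1.0-1.2 style suite name: {name!r}")
    kx_parts = head[len("TLS_"):].split("_")
    kx, auth = kx_parts[0], kx_parts[-1]  # TLS_RSA_WITH_...: kx == auth
    *enc, digest = tail.split("_")
    if not kx or not enc:
        raise ValueError(f"malformed suite name: {name!r}")
    cipher = enc[0]
    bits = next((int(t) for t in enc[1:] if t.isdigit()), None)
    mode = next((t for t in enc[1:] if t in BLOCK_MODES), None)
    if mode is None and cipher in STREAM_CIPHERS:
        mode = "stream"
    return {
        "key_exchange": kx,
        "authentication": auth,
        "forward_secrecy": kx in EPHEMERAL_KX,
        "cipher": cipher,
        "key_bits": bits,
        "mode": mode,
        "hash": digest,  # HMAC hash for CBC/stream suites, PRF hash for AEAD
        # RFC 7465 (2015) prohibits RC4 cipher suites in TLS.
        "rc4_prohibited_rfc7465": cipher == "RC4",
    }


def diff_suites(current, proposed):
    """Return {field: (current_value, proposed_value)} for differing fields."""
    a, b = parse_suite(current), parse_suite(proposed)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    # The two suites named in the thread.
    changes = diff_suites("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA")
    for field, (old, new) in changes.items():
        print(f"{field}: {old} -> {new}")
```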

Re: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

Great!  Interesting thought on your recommended cipher - we'll investigate!  Thanks as always!!