Announcement

We're EpicBrowser on Twitter and on Facebook. Email our Founder directly with questions as well: alok at hiddenreflex dot com
New Users: we've had to temporarily block new registrations due to spam. If you have a post or query, email it to Alok and he'll try to help you and or post it to the forum.

#1 2013-09-26 08:39:48

twelph
Guest

Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

According to Calomel. Is anyone else able to reproduce this?

TPSGav5.png

Offline

#2 2013-09-27 02:10:03

alok
Administrator

Re: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

Haven't tried to reproduce, but have seen some of those assessments before.   

We're using an ECDHE method which supports PFS (perfect forward secrecy) which is the best standard in browser crypto to our knowledge.  Encrypted Google uses this, wikipedia too.  Smaller bit lengths via DHE methods are harder to crack than longer keys via other methods as well.  PFS is the best protection against general surveillance because even if you capture the data, it's hard to decrypt since there's not a single private key to figure out. 

Are there other options for PFS at least supported in chromium?  We could switch but we believe the current configuration is the strongest available (that's not horribly inefficient/slow).

Offline

#3 2013-10-06 13:07:28

twelph
Guest

Re: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

The issue has been resolved. Firefox Beta Channel has finally allowed the Calomel SSL access to more in depth certificate information. It now recognizes your PFS implementation and gives you a higher score. Your current Ciphersuite is TLS_ECDHE_RSA_WITH_RC4_128_SHA . My recommendation is to test out TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as a compromise between maximum security and speed.

Offline

#4 2013-10-07 13:41:09

alok
Administrator

Re: Epicsearch SSL appears as "BROKEN OR UNTRUSTED"

Great!  Interesting thought on your recommended cipher - we'll investigate!  Thanks as always!!

Offline

Board footer