Have Full HTTPS (as FetLife does), and drop the SHA1 Signed Certificate ASARP
Have Full HTTPS support (as FetLife does), and drop the SHA1 Signed Certificate ASARP.
Here is the SHA1 diagnosis:
"SHAAAAAAAAAAAAA"
https://shaaaaaaaaaaaaa.com/check/xhamster.com
Check your site for weak SHA-1 certificates. Open source, by @konklone.
Dang.
xhamster.com is using SHA-1.
SSL certificates are signed using a one-way hash — usually SHA-1.
Which is too bad, because SHA-1 is becoming dangerously weak.
It's time to upgrade to SHA-2.
SHA-1 was first shown to be broken in 2005, and one estimate suggests that in 2014 it costs $1-2 million to forge a SHA-1 certificate. For some actors, that's nothing.
The only way to solve this is for everyone to turn off support for SHA-1. That curve is bending, but there's a long way to go.
Microsoft, Chrome, and Firefox all recently deprecated SHA-1, and plan to turn it off in 2017.
In fact, Chrome will start showing warnings over the next few months for any site using a SHA-1 certificate that expires in 2017.
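What a checker like the one quoted above actually tests is the signature algorithm OID in the certificate's DER encoding: a SHA-1 hash in that field is what Chrome and the other browsers object to. The following is an added example (not the shaaaaaaaaaaaaa.com tool's code, and not from the original post), standard-library Python only, with constructed certificate skeletons as sample input; it assumes a chain is passed leaf first with the self-signed root last, and that root's own signature is skipped because browsers never verify it.

```python
# Signature-algorithm OIDs (DER content bytes) mapped to (name, hash family).
SIG_ALG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): ("sha1WithRSAEncryption", "SHA-1"),
    bytes.fromhex("2a864886f70d01010b"): ("sha256WithRSAEncryption", "SHA-256"),
    bytes.fromhex("2a8648ce3d0401"): ("ecdsa-with-SHA1", "SHA-1"),
    bytes.fromhex("2a8648ce3d040302"): ("ecdsa-with-SHA256", "SHA-256"),
}

def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7f
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def signature_hash(der_cert):
    """(algorithm name, hash family) from the outer signatureAlgorithm of a DER certificate."""
    tag, cert, _ = _read_tlv(der_cert, 0)     # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _tbs, pos = _read_tlv(cert, 0)         # tbsCertificate: skipped entirely
    tag2, sig_alg, _ = _read_tlv(cert, pos)   # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag3, oid, _ = _read_tlv(sig_alg, 0)
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06):
        raise ValueError("not a DER X.509 certificate")
    return SIG_ALG_OIDS.get(oid, ("unknown OID " + oid.hex(), "unknown"))

def weak_sha1_in_chain(der_chain, skip_root=True):
    """Indices of SHA-1 signed certs, leaf first. The last element is assumed to be the
    self-signed root; browsers never verify that signature, so it is skipped by default."""
    to_check = der_chain[:-1] if skip_root and len(der_chain) > 1 else der_chain
    return [i for i, c in enumerate(to_check) if signature_hash(c)[1] == "SHA-1"]

# --- constructed sample data (not real certificates) -------------------------
def _tlv(tag, content):
    """Minimal DER encoder used only to build the samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def fake_cert(sig_oid_hex):
    """Certificate skeleton: dummy tbsCertificate, real AlgorithmIdentifier, dummy BIT STRING."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))                           # serial number only
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    sig = _tlv(0x03, b"\x00" * 257)                                 # forces long-form length
    return _tlv(0x30, tbs + alg + sig)
```

For a real certificate saved in PEM form, convert it with `ssl.PEM_cert_to_DER_cert()` from the standard library before passing it to `signature_hash`.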