[gtld-tech] TMCH: HIGHLY Insecure SSL config / certificates.

Alexander Mayrhofer alexander.mayrhofer at nic.at
Fri Jun 26 08:13:02 UTC 2015


it seems like the TMCH has rolled out a new certificate on the various marksdb.org interfaces. Besides the fact that the certificate now uses an intermediate cert that was not delivered with the chain (and hence made our TLS connect fail initially), we took a look at the general TLS configuration of the interfaces, and it seems that the TLS configuration is HIGHLY insecure at the moment:

https://www.ssllabs.com/ssltest/analyze.html?d=ry.marksdb.org (see "Protocol Details")

Could someone from the TMCH indicate whether they are working on fixing these serious issues? 


More information about the gtld-tech mailing list