[gtld-tech] TMCH: HIGHLY Insecure SSL config / certificates.

Wim Fabri wim_fabri at be.ibm.com
Fri Jun 26 08:35:46 UTC 2015

I've escalated this and will make sure this gets fixed asap.

Wim Fabri
IBM Belgium Integrated Technology Services.

From:   Alexander Mayrhofer <alexander.mayrhofer at nic.at>
To:     "gtld-tech at icann.org" <gtld-tech at icann.org>
Date:   26/06/2015 10:14
Subject:        [gtld-tech] TMCH: HIGHLY Insecure SSL config / 
Sent by:        gtld-tech-bounces at icann.org


it seems like the TMCH has rolled out a new certificate on the various 
marksdb.org interfaces. Besides the fact that the certificate now uses an 
intermediate cert that was not delivered with the chain (and hence made 
our TLS connect fail initially), we took a look at the general TLS 
configuration of the interfaces, and it seems that the TLS configuration 
is HIGHLY insecure at the moment:

https://www.ssllabs.com/ssltest/analyze.html?d=ry.marksdb.org (see 
"Protocol Details")

Could someone from the TMCH indicate whether they are working on fixing 
these serious issues? 


Tenzij hierboven anders aangegeven: / Sauf indication contraire ci-dessus: 
/ Unless otherwise stated above:

International Business Machines of Belgium sprl / bvba
Siège social / Maatschappelijke zetel: Avenue du Bourget 42 Bourgetlaan, 
B-1130 Bruxelles/Brussel
N° d'entreprise / Ondernemingsnr: TVA / BTW BE 0405 912 336
RPM Bruxelles / RPR Brussel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gtld-tech/attachments/20150626/98f97c6d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 9417 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mm.icann.org/pipermail/gtld-tech/attachments/20150626/98f97c6d/smime-0001.p7s>

More information about the gtld-tech mailing list