dorotaC  

ATTENTION server admins: #letsencrypt defaults to RSA signatures, which are vulnerable

thesslstore.com/blog/is-it-sti

I you upgrade your Fedora crypto policy, you'll see that:

```
sudo update-crypto-policies --set FUTURE
curl foo.bar/
curl: (60) SSL certificate problem: EE certificate key too weak
```

This guide shows how to set up ecdsa encryption:

eff-certbot.readthedocs.io/en/

1+
ruff
Follow

@dcz I'm using both with ecdsa set to be "preferred by server", however majority of connections end up with rsa. I understand attacker will always chose the weakest, but seems many client stacks cannot handle still dcsa.

· Web · 0 · 0 · 0
Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml