<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Jaak,<div class=""><br class=""></div><div class="">Take a look now.</div><div class=""><br class=""></div><div class="">I’ve upgraded the HTTP server to avoid SSLv3 and RC4. Had to explicitly add TLS 1.0. And specifically added support for TLS 1.1 and 1.2. That means we have limited support for Windows XP users. If we have problems I may need to add SSLv3 and RC4 back in as a fall back for them.</div><div class=""><br class=""></div><div class="">The only thing keeping us from A+ is HSTS.</div><div class=""><br class=""></div><div class="">DM</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Feb 15, 2016, at 4:14 PM, DM Smith <<a href="mailto:dmsmith@crosswire.org" class="">dmsmith@crosswire.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I tried to fix this the other day, and will shortly. But the server locked up twice in that day. So I’ve backed out my changes (a one-liner for this issue) and am doing them one at a time. I hope to have that solved within a week.<div class=""><br class=""></div><div class="">In Him,</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>DM</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Feb 15, 2016, at 3:44 PM, Jaak Ristioja <<a href="mailto:jaak@ristioja.ee" class="">jaak@ristioja.ee</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">The Qualys SSL Labs SSL Server test gives<span class="Apple-converted-space"> </span></span><a href="http://crosswire.org/" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">crosswire.org</a><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><span class="Apple-converted-space"> </span>a C rating</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">mainly due to supporting SSLv3 and the RC4 cipher.</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="https://www.ssllabs.com/ssltest/analyze.html?d=crosswire.org&hideResults=on" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">https://www.ssllabs.com/ssltest/analyze.html?d=crosswire.org&hideResults=on</a><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Blessings,</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Jaak</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">On 15.02.2016 20:11, DM Smith wrote:</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Went with LetsEncrypt. It should be proper for the entire<span class="Apple-converted-space"> </span><a href="http://crosswire.org/" class="">crosswire.org</a><br class=""><<a href="http://crosswire.org/" class="">http://crosswire.org</a>> web. If you see a problem or have a question, let<br class="">me know.<br class=""><br class="">In Him,<br class="">DM Smith<br class=""><br class=""><blockquote type="cite" class="">On Feb 12, 2016, at 5:30 PM, Matěj Cepl <<a href="mailto:mcepl@cepl.eu" class="">mcepl@cepl.eu</a><br class=""><<a href="mailto:mcepl@cepl.eu" class="">mailto:mcepl@cepl.eu</a>>> wrote:<br class=""><br class="">On 2016-02-12, 19:28 GMT, David Haslam wrote:<br class=""><blockquote type="cite" class="">Even so, this is the way browsers are moving!<br class=""><br class="">The sooner we can move away from self signed the better.<br class=""></blockquote><br class="">Certainly, I see two ways out:<br class=""><br class=""> * <a href="https://letsencrypt.org/" class="">https://letsencrypt.org/</a> … I have never tried it, so<br class=""> I am not sure how really difficult it is, but it is<br class=""> supposed to be the free way how to get working and<br class=""> supported certificate for a website<br class=""><br class=""> * I use personally certificate from<br class=""> <a href="https://www.startssl.com/" class="">https://www.startssl.com/</a> For me the price is US$60/two<br class=""> year certificate, not sure whether the company would be<br class=""> willing to give some discount for non-profit/religious<br class=""> organization, or we would be satisfied with the free<br class=""> certificate (one domain only, no wildcard).<br class=""><br class="">Best,<br class=""><br class="">Matěj<br class=""><br class="">--<span class="Apple-converted-space"> </span><br class=""><a href="https://matej.ceplovi.cz/blog/" class="">https://matej.ceplovi.cz/blog/</a>, Jabber:<span class="Apple-converted-space"> </span><a href="mailto:mcepl@ceplovi.cz" class="">mcepl@ceplovi.cz</a><br class=""><<a href="mailto:mcepl@ceplovi.cz" class="">mailto:mcepl@ceplovi.cz</a>><br class="">GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC<br class=""><br class="">[...] a superior pilot uses his superior judgment to avoid having to<br class="">exercise<br class="">his superior skill.<br class="">--<br class=""><a href="http://www.jwz.org/blog/2009/09/that-duct-tape-silliness/#comment-10653" class="">http://www.jwz.org/blog/2009/09/that-duct-tape-silliness/#comment-10653</a><br class=""><br class=""><br class="">_______________________________________________<br class="">sword-devel mailing list:<span class="Apple-converted-space"> </span><a href="mailto:sword-devel@crosswire.org" class="">sword-devel@crosswire.org</a><br class=""><<a href="mailto:sword-devel@crosswire.org" class="">mailto:sword-devel@crosswire.org</a>><br class=""><a href="http://www.crosswire.org/mailman/listinfo/sword-devel" class="">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br class="">Instructions to unsubscribe/change your settings at above page<br class=""></blockquote><br class=""><br class=""><br class="">_______________________________________________<br class="">sword-devel mailing list:<span class="Apple-converted-space"> </span><a href="mailto:sword-devel@crosswire.org" class="">sword-devel@crosswire.org</a><br class=""><a href="http://www.crosswire.org/mailman/listinfo/sword-devel" class="">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br class="">Instructions to unsubscribe/change your settings at above page<br class=""><br class=""></blockquote><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">_______________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">sword-devel mailing list:<span class="Apple-converted-space"> </span></span><a href="mailto:sword-devel@crosswire.org" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">sword-devel@crosswire.org</a><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="http://www.crosswire.org/mailman/listinfo/sword-devel" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Instructions to unsubscribe/change your settings at above page</span></div></blockquote></div><br class=""></div></div>_______________________________________________<br class="">sword-devel mailing list: <a href="mailto:sword-devel@crosswire.org" class="">sword-devel@crosswire.org</a><br class=""><a href="http://www.crosswire.org/mailman/listinfo/sword-devel" class="">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br class="">Instructions to unsubscribe/change your settings at above page</div></blockquote></div><br class=""></div></body></html>