Thread: Why no HTTPS?
View Single Post
Old 30th December 2018, 14:31   #10
BFeely
Junior Member
 
Join Date: Mar 2016
Posts: 14
It would be Winamp's responsibility for failing to provide even minimal industry standard security.

The Grade C given by SSL Labs is due to supporting SSLv3, and as a result being vulnerable to POODLE.
Even if SSLv3 were turned off, it would be capped to B because the site administrator installing the certificate file but not the chain file. This can cause a browser error if the intermediate certificate is not already in the browser's cache.

The server does support TLS 1.2, so the SSL toolkit installed on the server isn't completely obsolete.
The server does support strong ciphersuites, but at the same time supports the broken RC4 suite, and does not set server preference to the strong suites.
BFeely is offline   Reply With Quote