posted on Feb, 28 2017 @ 03:32 PM
a reply to: Bedlam
SHA2 is very similar to SHA1 from what I have read and the recommendation now is to use SHA3. I stopped using SHA256 early in 2016. There are also
problems with obsolete ciphers and protocols being used when it comes to web servers.
I used Qualy's SSL labs
to check my web server and I scored A+ (hours of reading). For comparison I tested Go
Daddy's site today which scored a C. Protocols SSLv2, SSLv3 and TLSv1.0 have been hacked and are considered unsafe. Go Daddy uses TLSv1.0. They
also use RC4 which is considered broken and unsafe to use along with other unsafe cipher suites. I removed RC4 2 years ago. Go Daddy does not have
perfect forward secrecy either.
Go Daddy Assessment
I am self-taught with no IT qualifications. If I can score A+ surely big companies who employ IT staff should score this as well. I find it
For anyone that is interested I use a Firefox add-on called 'SSleuth' which lets me see at a glance how secure website encryption is.
This is the SSLeuth readout from the Disqus hompage.
edit on 28-2-2017 by Morrad because: (no reason given)