[Xastir] https server is now operational

Eric H. Christensen eric at christensenplace.us
Wed Jun 25 10:32:14 EDT 2014



On Tue, Jun 24, 2014 at 08:45:50PM -0700, Curt Mills wrote:
> In case any of you want to connect with https instead of http to
> xastir.org, it's possible now.  It's a self-signed certificate so
> you'll have to accept that certificate first, but after that
> everything should be encrypted between you and the server.

Unfortunately a self-signed cert can't protect against MITM attacks until that certificate is downloaded (how can you know that you have downloaded the correct cert?).  You can get a CA to sign the certificate for around $10 from ssls.com.  Also, the cert doesn't support www.xastir.org which can be problematic.  I'd also suggest signing the key with at least SHA256 instead of SHA1.

Also, it appears that the server supports EXPORT cipher suites.  I'd recommend just supporting HIGH ciphers.

You can take a look at the evaluation from SSLLabs[0].  Sorry, I do this for my $DAYJOB so I felt like I just had to respond.

[0] https://www.ssllabs.com/ssltest/analyze.html?d=xastir.org

73,
Eric W4OTN
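As an added illustration (not part of the thread, and not Xastir project code): the "only HIGH ciphers" advice can be checked before touching the server by expanding the cipher string with the stdlib ssl module, which asks the linked OpenSSL to resolve it exactly as the web server would. The HARDENED spec below is an assumed example string, not the one used on xastir.org.

```python
"""Expand an OpenSSL cipher-suite spec and report anything below 128-bit strength.

Constructed example for the thread above: the server was reported to still
accept EXPORT-grade suites, and the suggestion was to allow only HIGH ciphers.
"""
import ssl


def resolve_suites(spec):
    """Return the suites (as dicts from ssl) that `spec` selects on this OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if no suite matches the spec
    return ctx.get_ciphers()


def weak_suites(spec, min_bits=128):
    """Names of suites selected by `spec` whose effective strength is below min_bits."""
    return [c["name"] for c in resolve_suites(spec) if c["strength_bits"] < min_bits]


def spec_is_selectable(spec):
    """True if the linked OpenSSL/LibreSSL still knows any suite matching `spec`."""
    try:
        resolve_suites(spec)
        return True
    except ssl.SSLError:
        return False


# Assumed hardened spec: HIGH-strength suites only, no anonymous key exchange,
# no null encryption, no MD5 MACs and (explicitly) nothing export-grade.
HARDENED = "HIGH:!aNULL:!eNULL:!MD5:!EXPORT"


if __name__ == "__main__":
    for name in ("EXPORT", "ALL", HARDENED):
        if not spec_is_selectable(name):
            print(f"{name!r}: no matching suites on this OpenSSL build")
            continue
        print(f"{name!r}: {len(resolve_suites(name))} suites, "
              f"weak (<128 bit): {weak_suites(name) or 'none'}")
```

On an OpenSSL 1.1.0 or newer build the EXPORT alias matches nothing, which is why the spec above still lists `!EXPORT` explicitly: it costs nothing and protects against an older library on the server.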