weak tls configuration - object storage

Hello,

I just checked Linode's TLS configuration with SSL Labs and I found that there are several issues.

<img alt="Image of b grade cert" src="https://user-images.githubusercontent.com/39703898/114743056-39eb7000-9d44-11eb-9a94-750a800d788c.png">

Are there any plans to improve on this or is this not considered a problem?

You can see the full report here.

https://www.ssllabs.com/ssltest/analyze.html?d=weak%2dtls.website%2deu%2dcentral%2d1.linodeobjects.com&s=2a01%3a7e01%3a0%3a0%3af03c%3a92ff%3afe92%3a797e&latest

1 Reply

The reason for the B grade is the use of TLS 1.0 and 1.1. I have an independently-audited, PCI compliant application that allows the use of weak ciphers, but still gets an A rating as it is TLS 1.2+ only.

I believe security is always a trade-off between security and compatibility - you can have the best security by only using the latest, strong protocols, but you potentially lose compatibility with older clients (software/devices).

For that reason, I can’t see Linode switching off TLS 1.0/1.1 on object storage … yet.

This would pose an issue if you are using Object Storage to store payment card-related data, as this has to be in a TLS 1.2+ only environment. It all depends on your use-case and risk assessment of the environment and technology you’re using in your solution.
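
One way to check which protocol versions an endpoint accepts, as an added example that is not part of the original thread: it attempts one handshake per version with Python's `ssl` module and reports whether TLS 1.0/1.1 are enabled, which is the cause of the B grade named in the reply. The function names and the injectable `probe` parameter are assumptions of this example.

```python
import socket
import ssl

# Versions to test, oldest first. TLS 1.0/1.1 are what the reply blames for the B grade.
VERSIONS = [
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
    ("TLS 1.3", ssl.TLSVersion.TLSv1_3),
]
LEGACY = {"TLS 1.0", "TLS 1.1"}


def handshake(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to `version`.
    False can also mean the local OpenSSL build cannot offer that version."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Only protocol support is measured here, so certificate checks are off.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        # Many OpenSSL builds will not offer TLS 1.0/1.1 at the default security level.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):  # ssl.SSLError is a subclass of OSError
        return False


def audit(host, port=443, probe=handshake):
    """Probe every version and summarise whether the endpoint is TLS 1.2+ only."""
    accepted = {name: probe(host, port, ver) for name, ver in VERSIONS}
    legacy = sorted(name for name in LEGACY if accepted[name])
    return {
        "accepted": accepted,
        "legacy_enabled": legacy,
        "tls12_plus_only": not legacy and (accepted["TLS 1.2"] or accepted["TLS 1.3"]),
    }


if __name__ == "__main__":
    import sys
    print(audit(sys.argv[1]))
```

Run it with the hostname of the endpoint as the only argument; a non-empty `legacy_enabled` list corresponds to the condition described in the reply.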
