Author

Topic: Electrum related questions (SSL and PGP) (Read 1092 times)

full member
Activity: 196
Merit: 103
May 09, 2015, 06:06:24 PM
#1
Downloading electrum source and signature from https://electrum.org/#download:

https://download.electrum.org/Electrum-2.1.1.tar.gz
https://download.electrum.org/Electrum-2.1.1.tar.gz.asc

Checking site with ssllabs:
https://www.ssllabs.com/ssltest/analyze.html?d=electrum.org

The site scores 80/100 on Key Exchange. Is the below 'WEAK' entries antyhing at all to be concerned about?

Code:
Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits (p: 128, g: 128, Ys: 128)   FS   WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits (p: 128, g: 128, Ys: 128)   FS   WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 128, Ys: 128)   FS   WEAK 256

The only handshake simulation which had a match was:

Code:
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256

But that's an old OpenSSL version.

Further, I found ThomasV's pubkey here:

https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x2BD5824B7F9470E6

But as you can see, those are different, why?
Jump to: