Hi Irshad,
On 6/29/15 7:18 AM, Irshaad Abdool wrote:
>
> According to your article which by the way is very interesting, the
> website is a threat to citizens and their data. I agree that it is true
> but do citizens use the portal that much? Are there any such sensitive
> information that can be compromised?
>
The word threat can be categorized as having several levels. I read RFC
7465 [1] and its status is a "proposed standard". A proposed [2]
standard can be regarded as something desirable. You apply it unless you
have a reason for not doing so.
The Government Portal, www.govmu.org, uses a wildcard SSL certificate
(*.govmu.org). This covers m.govmu.org as well. Both www.govmu.org and
m.govmu.org respond from same server.
The following cipher is supported by the webserver: TLS_RSA_WITH_RC4_128_MD5
It can be read as the cipher suite using RSA for key exchange, RC4 with
128-bit for encryption and MD5 for message authentication. Each of the
keywords might help for further reading.
At the moment of writing this email, the following websites as well
support cipher TLS_RSA_WITH_RC4_128_MD5 :
ib.mcb.mu
www.google.mu
mail.google.com
mail.live.com
www.facebook.com
Websites that do not support TLS_RSA_WITH_RC4_128_MD5 :
www.dropbox.com
www.mega.nz
Well, I am just sharing my observation so far.
[1]
https://tools.ietf.org/html/rfc7465
[2]
https://tools.ietf.org/html/rfc2026#page-11
Regards,
--
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Mon Jun 29 2015 - 07:17:33 PST