Why is mozilla-old 'bad'?

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.

https://badssl.com

Apache License 2.0

2.85k stars 193 forks source link

Why is mozilla-old 'bad'? #222

Open daurnimator opened 8 years ago

daurnimator commented 8 years ago

mozilla-old is a server configuration for maximum compatability: it should still be fine (but not "best") for modern clients.

lgarron commented 8 years ago

SSLv3 is certainly bad, even if there are still reasons for some sites to support it. ;-)

But mostly, we just needed to pick colors, and modern/intermediate/old easily maps onto "good/dubious/bad" for security levels.

april commented 8 years ago

I should note that intermediate is in no way dubious; it is the recommended configuration for most websites. They should probably map from modern/intermediate/old to good/good/bad. :)

ExE-Boss commented 7 years ago

Mozilla's documentation maps modern/intermediate/old to green/orange/grey on https://wiki.mozilla.org/Security/Server_Side_TLS

lgarron commented 7 years ago

Green/orange/gray kind of fits with our colors. :-)

(Green is secure, orange is "eh....", and gray is "no comment (even if there are good opinions to be had)".)