SSL and STARTTLS Forward Secrecy

[dcposch]

Just in case.

Also, from the Open Technology Fund survey:

If StartTLS is supported, do you enable ciphers that are 
not-forward secret or have fewer than 128 bits?

We should not.

[AndrewTheLott]

According to SSL Report: scramble.io (173.255.244.90) assessed on: Tue Jan 13 06:50:36 PST 2015

• Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
• This server's certificate chain is incomplete. (see #105 for this one)
• This server accepts the RC4 cipher, which is weak.

On the plus side, Forward Secrecy & HSTS are enabled.