tinyE:
zeogold: Hey, they're good stuff, they just tend to be TOO sweet. You need the dairy of the milk to cut the sugar, and by the time you get to that point, the milk is already oversweetened as well. You could theoretically add more milk, but then the whole thing gets soggy. Only reasonable solution is to mix it with regular Corn Flakes.
Of course, this entire problem COULD likely be eliminated if I could refrain from eating about 4 servings for every bowl I have, but still.
We seriously could have a rocking thread about cereal in here. It's a fascinating subject for me.
tinyE:
Nice jpeg, I might have to use it sometime. :)
tinyE: We seriously could have a rocking thread about cereal in here. It's a fascinating subject for me.
It has been done.
tinyE:
zeogold:
And you just had to go and actually do it. :P
zeogold:
tinyE: And you just had to go and actually do it. :P
After my running gimmick of derailing threads with cereal, it was only the next logical step.
Devrim: Since we are on the topic of security with 2 factor auth (I just got the email), I noticed GoG is using a weak cipher and key exchange combo. (no forward secrecy, SHA1 signature etc.).

Would be nice if someone could take a look at it. I noticed because I disabled all weak ciphers in Firefox and Firefox refused to load GoG.

Thanks.
I checked about a week ago and they got an "A" rating on SSL Pulse so if that's true it would seem to be a regression. Testing again right now...



Update: I'm getting an "A" class rating for all GOG's servers here still. Disabling the various insecure "compatibility" ciphers shouldn't have an effect on loading GOG's website with Firefox on a modern OS. Perfect forward secrecy is working fine here from what I can see:

Protocol Details
DROWN (experimental) No, server keys and hostname not seen elsewhere with SSLv2
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN test here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side (more info) TLS 1.0: 0xc014
POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) No (more info)
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression No
RC4 No
Heartbeat (extension) Yes
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107) No (more info)
Forward Secrecy With modern browsers (more info)
ALPN No
NPN Yes spdy/3.1 http/1.1
Session resumption (caching) Yes
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
HSTS Preloading Not in: Chrome Edge Firefox IE Tor
Public Key Pinning (HPKP) No
Public Key Pinning Report-Only No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes No
DH public server param (Ys) reuse No
SSL 2 handshake compatibility Yes


Miscellaneous
Test date Sun, 16 Oct 2016 01:21:19 UTC
Test duration 141.739 seconds
HTTP status code 301
HTTP forwarding http://www.gog.com PLAINTEXT
HTTP server signature nginx
Server hostname host-193-59-178-35.gog.com
Post edited October 16, 2016 by skeletonbow
For people who are wondering, forward secrecy is a property of a cryptographic protocol, ensuring in our present case that even if GOG's server certificate is compromised, it won't make it possible to decrypt past communications.
Devrim: Since we are on the topic of security with 2 factor auth (I just got the email), I noticed GoG is using a weak cipher and key exchange combo. (no forward secrecy, SHA1 signature etc.).

Would be nice if someone could take a look at it. I noticed because I disabled all weak ciphers in Firefox and Firefox refused to load GoG.

Thanks.
You're right, the SSL exchange seems to be (relatively) weak, but it only applies to parts of the site. On www.gog.com I do indeed see the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite being used, but on static and image servers, the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite is used, which seems better (despite using AES 128, which is still fairly strong).

It's likely that the most sensitive information i.e. our login credentials and login cookie are sent to www.gog.com and not the static servers, hence no forward secrecy.

What's the deal, however?

I won't speak of the case where the server certificate gets compromised while still in production as it's a big problem no matter what the cipher suite is, and it's unlikely.

It's less unlikely that it gets compromised years after being removed from production, provided organisations with good computing power are working on it, but they still need to have records of past TLS communications of the users. So, not anyone can do that.

As for SHA-1, it's weak, that's for sure, and the TLS 1.2 RFC recommends that SHA-1 be abandoned, but using its weakness in our present context requires power and speed, as it would be used to inject bad data, not decrypt the data, hence the interest lies in the short life span of a TLS communication, provided you're well placed in the network, that is.

That being said, it is indeed a good thing to get better security and GOG certainly has the means to do so :-)

EDIT: @skeletonbow, you likely typed gog.com on the SSL Pulse project page, where you should have typed www.gog.com, which has a rating of A- (A minus) since forward secrecy is not supported. gog.com redirects to www.gog.com, but SSL Pulse doesn't check for that... and rightfully so, in the sense that it could prevent some sites from being analysed as long as their "root URL" redirects somewhere else.
Post edited October 16, 2016 by NovHak
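
Added example, not part of any post in this thread: a Python parser that splits the two IANA cipher-suite names quoted above into key exchange, authentication, cipher and hash, and lists what each one lacks. The function names and the `static-host.example` placeholder are assumptions; only names of the TLS 1.0-1.2 form `TLS_<kx>_WITH_<cipher>` are handled.

```python
import re

EPHEMERAL_KX = {"DHE", "ECDHE"}          # ephemeral Diffie-Hellman gives forward secrecy
AEAD_TAGS = {"GCM", "CCM", "POLY1305"}   # authenticated-encryption modes (no separate MAC)

def analyse_suite(name):
    """Split a TLS 1.0-1.2 IANA suite name and list its weak properties.

    TLS 1.3 names (no _WITH_) and anon suites are rejected with ValueError.
    """
    m = re.fullmatch(r"TLS_([A-Z0-9_]+?)_WITH_([A-Z0-9_]+)", name)
    if m is None:
        raise ValueError(f"not a TLS 1.0-1.2 IANA suite name: {name!r}")
    kx_auth = m.group(1).split("_")
    kx = kx_auth[0]
    # A bare "RSA" means RSA key transport and RSA authentication.
    auth = kx_auth[1] if len(kx_auth) > 1 else kx
    tail = m.group(2).split("_")
    digest = tail[-1] if re.fullmatch(r"SHA\d*|MD5", tail[-1]) else None
    cipher = tail[:-1] if digest else tail
    aead = bool(AEAD_TAGS & set(cipher))
    findings = []
    if kx not in EPHEMERAL_KX:
        findings.append("no forward secrecy")
    if "CBC" in cipher:
        findings.append("CBC mode")
    # In a non-AEAD suite a trailing "SHA" is HMAC-SHA1 over each record;
    # it is separate from the hash used in the certificate signature.
    if not aead and digest == "SHA":
        findings.append("HMAC-SHA1 record MAC")
    if "RC4" in cipher or "3DES" in cipher or digest == "MD5":
        findings.append("legacy cipher or MAC")
    return {"kx": kx, "auth": auth, "cipher": "_".join(cipher),
            "aead": aead, "digest": digest, "findings": findings}

# Constructed sample: the two suites quoted in the post above. The static host
# name is a placeholder; the post does not name the static/image servers.
OBSERVED = {
    "www.gog.com": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "static-host.example": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def hosts_without_forward_secrecy(observed):
    """Return the hosts whose negotiated suite has no ephemeral key exchange."""
    return sorted(h for h, s in observed.items()
                  if "no forward secrecy" in analyse_suite(s)["findings"])

if __name__ == "__main__":
    for host, suite in OBSERVED.items():
        print(host, suite, analyse_suite(suite)["findings"] or "ok")
```
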