Yahoo Pipes Blog – Pipes End-of-life Announcement
Posted by jpluimers on 2015/06/05
Too bad. It was fun while it lasted: Yahoo Pipes Blog – Pipes End-of-life Announcement (thanks to Dennis for reporting this).
Which means that in a few months' time, this pipe will be gone: Delphi Pipe – Delphi related RSS feed running on Yahoo Pipes – via twm’s blog « The Wiert Corner – irregular stream of stuff.
There is an alternative: http://www.beginend.net/
That redirects to https://www.beginend.net/ which works fine from home, but at the client I work for, the McAfee gateway currently cannot handshake to it:
Host: http://www.beginend.net
Reason: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Anyone who knows what that is?
–jeroen
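Added example (not part of the original post): decoding the packed error code from the gateway message above, assuming the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason). Reason 1040 is 1000 plus alert 40, `handshake_failure`, which the peer sent; OpenSSL keeps the "sslv3 alert" prefix in this reason string for TLS connections too. The function name `decode_openssl_error` and the two extra sample lines are additions here.

```python
import re

ERR_LIB_SSL = 20             # library number OpenSSL assigns to libssl
SSL_AD_REASON_OFFSET = 1000  # libssl reason 1000+N means "peer sent alert N"

# Alert descriptions from the TLS RFCs (subset seen during handshakes).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 86: "inappropriate_fallback", 112: "unrecognized_name",
}


def decode_openssl_error(line):
    """Split 'error:XXXXXXXX:...' (pre-3.0 layout) into lib/func/reason."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    # Only libssl reasons at or above the offset encode a received alert.
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "lib": lib,
        "func": func,
        "reason": reason,
        "peer_alert": alert,
        "alert_name": TLS_ALERTS.get(alert) if alert is not None else None,
    }


SAMPLES = [
    # Line reported in the post.
    "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure",
    # Sample lines added for this example (not from the page).
    "error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version",
    "error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.split(":")[1], decode_openssl_error(sample))
```

A non-`None` `peer_alert` means the remote side rejected the handshake, so the next step is comparing the protocol versions and cipher suites each side offers.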






thaddy (Thaddy de Koning) said
You should not even attempt to use SSLv3. You should phase it out ASAP regardless of weak keys or not. SSLv3 is compromised as is already stated above.
jpluimers said
Indeed. Sites offering SSLv3 should not get graded with A by any test.
Eric said
Probably the same as this http://stackoverflow.com/questions/26385603/facebook-sdk-for-php-error-curlexception-35-error14094410ssl-routinesssl3
The https is going through cloudflare, if that’s it, it should also happen on https://www.delphitools.info, and would mean the McAfee gateway is outdated and more liability than security…
jpluimers said
Thanks. I filed an issue at dearbytes who maintain the gateway.
jpluimers said
McAfee wasn’t wrong. I ran testssl.sh with two configs to test your site:
OPENSSL=./openssl-bins/openssl-1.0.2-chacha.pm/openssl32-1.0.2pm-krb5.chacha+poly ./testssl.sh beginend.net
OPENSSL=./testssl.sh beginend.net
Both got these results (also for delphitools.info):
– Weak Server key size 256 bit
– Secure Renegotiation (CVE 2009-3555) VULNERABLE (NOT ok)
So you need to have your software updated.
The http://www.beginend.net and http://www.delphitools.info give the above plus:
– BREACH (CVE-2013-3587) NOT ok: uses gzip HTTP compression (only “/” tested)
Eric said
Hmmm https://www.ssllabs.com/ssltest/ reports an A and your testssl results look outdated: the CVE 2009 is very old, and the 256 bit key size would have been low on old algorithms, but is not for the one used.
Also the McAfee gateway was failing a connection on ssl3, which is a different problem, ssl3 is clearly compromised and it should not have attempted it.
I’ll try to reproduce the testssl results (GitHub version failed to resolve the domain though, so did not run under Ubuntu 14)
jpluimers said
It was indeed a bug in testssl.sh: https://github.com/drwetter/testssl.sh/issues/161#issuecomment-131432908
dspreen said
Should be something with the POODLE attack and the deprecated SSLv3
https://community.mcafee.com/docs/DOC-6559
dennis said
Should be something with the POODLE and deprecated SSLv3, see
https://community.mcafee.com/docs/DOC-6559
jpluimers said
Thanks. Will have a look when home.
This says it should be OK: https://www.ssllabs.com/ssltest/analyze.html?d=beginend.net
But I cannot run this from here: https://testssl.sh/