crates.io allows RC4 for TLS connections #150
Comments
|
The site is hosted on Heroku, so unfortunately there's not much we can do about this (we don't configure SSL at all). |
|
I found a comment on the Heroku discussion forum that suggest "that re-provisioning the SSL addon does the job". Could be worth a shot? |
|
@alexcrichton (@-mentioning because I'm unsure of how GitHub notifications work) |
|
I've opened a support ticket to see what we can do, thanks for investigating @kamalmarhubi! |
|
👍 |
|
Looks like that comment on the forums may have been in relation to another app, this is the response we got:
|
|
Makes enough sense. I should have checked. I ran it through SSL Labs server test, it complained, and then I reported the issue. Thanks for checking! |
bors
added a commit
that referenced
this issue
Dec 17, 2019
…tle-5.1.0, r=locks Bump ember-page-title from 4.0.5 to 5.1.0 Bumps [ember-page-title](https://github.com/adopted-ember-addons/ember-page-title) from 4.0.5 to 5.1.0. <details> <summary>Release notes</summary> *Sourced from [ember-page-title's releases](https://github.com/adopted-ember-addons/ember-page-title/releases).* > ## 5.1.0 > Add a `front` argument to place the title at the front > > ## 5.0.2 > Update dependencies > > ## 5.0.1 > - Resolves Ember 3.6 deprecations > - Readme updated to reflect new location > - Docs site link updated > > ## 5.0.0 > 🚨 `prepend` is now `true` by default! > > ❤️ Thanks to [@​ondrejsevcik](https://github.com/ondrejsevcik) for this change! For reasoning behind this, I'll quote them directly: > > > With a limited space to show in a page title, it's a best practice to put current page title first. Otherwise you end up with a title where you can't clearly see what page are you in. This is especially issue when you have nested pages with long titles. > </details> <details> <summary>Commits</summary> - [`b5338ef`](ember-cli/ember-page-title@b5338ef) Release 5.1.0 - [`f4e643f`](ember-cli/ember-page-title@f4e643f) feat: Make it possible to specify that a token should ALWAYS be in front ([#152](https://github-redirect.dependabot.com/adopted-ember-addons/ember-page-title/issues/152)) - [`d32c4e9`](ember-cli/ember-page-title@d32c4e9) Release 5.0.2 - [`47f759a`](ember-cli/ember-page-title@47f759a) Merge pull request [#150](https://github-redirect.dependabot.com/adopted-ember-addons/ember-page-title/issues/150) from efx/fix-remove-kruft - [`2c7fd67`](ember-cli/ember-page-title@2c7fd67) remove ember-cli-release configuration - [`b3a240c`](ember-cli/ember-page-title@b3a240c) Merge pull request [#149](https://github-redirect.dependabot.com/adopted-ember-addons/ember-page-title/issues/149) from efx/fix-ember-try - [`0c62597`](ember-cli/ember-page-title@0c62597) fix ember try command - [`04f1e5a`](ember-cli/ember-page-title@04f1e5a) Merge pull request [#146](https://github-redirect.dependabot.com/adopted-ember-addons/ember-page-title/issues/146) from efx/no-var - [`a9bd983`](ember-cli/ember-page-title@a9bd983) Merge branch 'latest' into no-var - [`5eb7775`](ember-cli/ember-page-title@5eb7775) Merge pull request [#147](https://github-redirect.dependabot.com/adopted-ember-addons/ember-page-title/issues/147) from efx/update-ember-cli - Additional commits viewable in [compare view](ember-cli/ember-page-title@4.0.5...5.1.0) </details> <details> <summary>Maintainer changes</summary> This version was pushed to npm by [knownasilya](https://www.npmjs.com/~knownasilya), a new releaser for ember-page-title since your current version. </details> <br /> [](https://dependabot.com/compatibility-score.html?dependency-name=ember-page-title&package-manager=npm_and_yarn&previous-version=4.0.5&new-version=5.1.0) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- **Note:** This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit. You can always request more updates by clicking `Bump now` in your [Dependabot dashboard](https://app.dependabot.com). <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Unless there is a good reason to support it, the nginx configuration should be changed to disallow it.
The Mozilla wiki has a good guide for recommended cipher suites. Hyneck Schlawack also has a good guide.
The text was updated successfully, but these errors were encountered: