SSL - Suggestion

dreamobjects

#1

It looks like DreamObjects does have a wildcard certificate, which is good, but Chrome currently reports it as being insecure (i.e. no padlock) due to the algorithm. In the future Chrome is likely to report it as being bad (i.e. red X).

Therefore it would be nice if the certificate was upgraded to the latest standards.

It also looks like the SSL profile that you’re using is not ideal, resulting in an SSL Labs “B” rating:
https://www.ssllabs.com/ssltest/analyze.html?d=objects.dreamhost.com&hideResults=on

The main reason for this is support for SSL3 and RC4. Really the profile used should at least be rated as A-, but ideally A+. This should be periodically checked and updated as required. You could allow selection on a per-bucket basis if you wish to retain compatibility with IE 8 / Win XP.

It would also be nice if we could provide our own certificates for the aliases in the same way that you can when using the shared hosting.

It goes without saying that the above should also apply for DreamSpeed.


#2

Our security team was just talking about the cipher suite we’re using with DreamObjects and that we needed to update it. Look for an update soon.

We don’t have any plans yet for allowing you to provide your own certificate but it’s something we’ll look at.