-
Display NameCam Russell
-
Member SinceDecember 31st, 2018
-
Last SeenAugust 29th, 2019
Cam Russell does not have any add-ons for sale.
-
Support January 10th, 2019 @ 3:22 pm
Hi Max,
That makes sense and is what I would expect. No worries about the timeline on changing this as it is not critical.
In the long run, you may want to sync up with the current Apache recommendations as some organizations such as us will seek to have the most secure SSL connections in these days where corporate hacking is gaining big headlines.
Thanks for looking into this.
View Comment
-
Support January 9th, 2019 @ 7:28 pm
Hi Max,
I set the server up with the following:
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
It is part of the recommendation found here:
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
I then relaxed this to the Turnkey VM default which is:
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256
View Comment
-
Support January 2nd, 2019 @ 8:35 pm
After additional log file investigation I found that the issue was the SSL Cipher Suite that I was using was not supported by the GrinMark add-in and cloud app. It turns out that this add-in is not compatible with the recommendations for "Cipher Suites and Enforcing Strong Encryption" found here:
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
After relaxing the acceptable cipher suite configuration to the default found with the Turnkey suiteCRM VM, my SSL connection to suiteCRM works successfully.
Down the road, as a paying customer we would like to see the Grinmark add-in and underlying cloud application upgraded so that it can support SSL connections that have been configured according the the Apache recommendations for "Cipher Suites and Enforcing Strong Encryption" found at the URL listed above. For the money you are charging, and considering this is a cloud based application, security considerations should be maintained up to date for your product.
View Comment
-
Support January 1st, 2019 @ 10:15 pm
Correction above. The above should read TLS 1.2, not TLS 1.3 throughout the text.
View Comment
-
January 9th, 2019 @ 1:47 am
Additional Update: After some time to get back to us, the vendor has been very helpful and co-operative overall. We have now had some time to use the product and we can report that the add-in actually works great and is really quite useful! I will provide additional feedback from our other beta testers in another week or so. Update: The vendor has since responded and fixed the server-side problem with some of our licenses. Provided that there is support, this is a good product and does what it is intended to do. Original Feedback: The first problem was that this product does not support the SSL strong encryption recommendations here: https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html Support did not initially answer any of my tickets so I had to troubleshoot this myself and found that I needed to relax the SSLCipherSuite configuration to talk to their cloud server, which is OK, but sub-optimal. In the long run, they will be updating their server, but that may take some time. After this glitch, we had this add-in working successfully for 8 days and then it would no longer sync and returned an Email stating: License Not Found Insufficient license to start synchronization Testing the license in settings shows that it is valid, and we also had 3 more weeks of free trial time on this license. Turns out it was a server side issue they resolved for us within the week. View Add-on
7.10.11Cam Russell has not created any Wanted Add-ons.