ACSP Suggestion 2015.15: Improvements to SSL Security for whois.arin.net

Suggestion

Author: Frank Bulk

Submitted On: 15 September 2015

Description: Congratulations to the ARIN team for enabling SSL on whois.arin.net! An analysis of the SSL connection (https://dev.ssllabs.com/ssltest/analyze.html?d=whois.arin.net) shows that the servers support weak Diffie-Hellman (DH) key exchange parameters. Is that something that could be tweaked to improve security? Could regular checks of ARIN's SSL connection be made, even if it was "only" via a free service such as Qualys?

Value to Community: Protects communications made by users of ARIN's sites and instills confidence in ARIN's security posture.

Timeframe: Not specified

Status: Open

Updated: 29 September 2015

Tracking Information

ARIN Comment

26 September 2015

Thank you for your suggestion, numbered 2015.15 upon confirmed receipt. Upon investigation, we discovered changing the Diffie-Hellman (DH) key parameter is a configuration change that is not currently supported by the vendor-supplied solution we use to front our directory service applications. We are investigating our options for this improvement with our vendor. We will make the change once the vendor delivers a solution that is tested and proven to work.

As part of our third-party security audits, we require analysis and reporting of our SSL-based services.

Thank you for bringing this matter to our attention. This suggestion will remain open until a solution is in place.
