changes I made to the webserver:
- added a cert to lists.sudoroom.org
- enabled HSTS on all TLS domains (sudoroom.org, www, lists)
- strongly prefer forward secrecy
- disabled RC4 ciphers
- disabled SSLv3 protocol
Right now we are ONLY using TLS 1.0. Ideally we'd use 1.1 or 1.2, but
it looks like Apache in Ubuntu LTS does not support either. This will
keep us from getting a perfect score on
https://www.ssllabs.com/ssltest/analyze.html?d=sudoroom.org :)
I submitted an updated ruleset to HTTPS-Everywhere. By the way, sudo
props to "MB <kunjurcca(a)gmail.com>" whoever you are, for submitting us
back in April:
https://github.com/EFForg/https-everywhere/commit/562cab99
It would be nice to have a TLS-only server. Right now we have the
following domains being served in cleartext. Some of them can probably
be removed or redirected to https://sudoroom.org/foo/ - thoughts?
- api.sudoroom.org
- fund.sudoroom.org
- radio.sudoroom.org
- dev.sudoroom.org
- mesh.sudoroom.org [working redirect]
- meshmap.sudoroom.org
- o.sudoroom.org [working redirect]
- science.sudoroom.org
- survey.sudoroom.org
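The hardening listed above (SSLv3 off, RC4 off, forward secrecy preferred, HSTS on the TLS vhost) together with a cleartext-to-HTTPS redirect of the kind proposed for the remaining subdomains, as an added Apache mod_ssl/mod_headers example; this is not configuration from the original post or from the sudoroom server, and the certificate paths and the chosen hostname are placeholders.

```apache
# Added example, not the sudoroom server's config. Certificate paths are placeholders.

# TLS vhost for one of the covered domains.
<VirtualHost *:443>
    ServerName lists.sudoroom.org

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/PLACEHOLDER-lists.sudoroom.org.crt
    SSLCertificateKeyFile   /etc/ssl/private/PLACEHOLDER-lists.sudoroom.org.key

    # Drop SSLv2 and SSLv3; every TLS version the build supports stays enabled
    # (on the Ubuntu LTS build the post describes, that is TLS 1.0 only).
    SSLProtocol all -SSLv2 -SSLv3

    # Server picks the suite: forward-secret ECDHE/DHE first, RC4 and
    # anonymous/null suites excluded entirely.
    SSLHonorCipherOrder on
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:EECDH+AES:EDH+AES:!aNULL:!eNULL:!MD5:!RC4

    # HSTS: a browser that has seen this header refuses cleartext for the host
    # for max-age seconds. Send it only from the TLS vhost. includeSubDomains on
    # the apex (sudoroom.org) would also cover the subdomains still served in
    # cleartext, so add it there only once they all redirect to HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# Cleartext vhost for the same name: serve nothing, just redirect to HTTPS.
<VirtualHost *:80>
    ServerName lists.sudoroom.org
    Redirect permanent / https://lists.sudoroom.org/
</VirtualHost>
```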