Pagekite.py 0.5.7a and TLS improvements

By Bjarni Rúnar 2015-09-07, 12:36

Version 0.5.7a of pagekite.py has been released and is available for download.

This is a recommended update for all users. Updates since version version 0.6.5d:

• Security: The SSLv2 and SSLv3 protocols have been disabled
• Minor bug-fixes and packaging improvements

In particular, this release should address the problem experienced by users of modern distributions where the Python SSL module no longer supports old, insecure versions of the SSL protocol.

This release will be rolled out to the PageKite service front-end relays over the next few days.

As here at PageKite we like to eat our own dogfood, we actually use pagekite.py to serve up this web-site, our XML-RPC API and the dynamic DNS update services. Those have already been upgraded to version 0.5.7a, which brings our ssllabs.com score up from an F to an admittedly disappointing C. Unfortunately, a C is the best grade we can get for now. In order to do better we will need to undertake more wide-sweeping upgrades of the underlying operating system and libraries. This will happen, but may take some time.

Note that if you are using PageKite's end-to-end TLS support, this upgrade (or lack thereof) will have no impact on your security - it is up to you to configure your TLS server according to your needs.

Update 2015-09-07: The roll-out has been canceled (and rolled back) for now, due to incompatibilities with older versions of pagekite.py. It seems more work is needed!