This last week we installed upgraded security certificates on Erowid and EcstasyData.
Over the last couple years there have been lots of new exploits and problems discovered with SSL. Although we have kept up with all the security updates as soon as they were announced (thanks to JL and Brian!), we had not upgraded our web security certificates that allow for substantially more secure connections for browsers that request it.
The new certs support SHA-2. SHA-1 is now considered “dangerously weak” and some groups have declared that they will no longer support it by the end of 2015. https://www.symantec.com/page.jsp?id=sha2-transition
As of today, SSLLabs.com gives Erowid.org an “A” :
