C0D4

5y

There’s no better feeling then doing a full server rebuild, modifying several projects heavily to be portable and keep working under new infrastructure and loosing access to dependent systems.

Migrating everything across, firing up Apache.... and BAM the fucker just works and ssl labs gives it an A (it was a giant F with multiple vulnerabilities yesterday on the old server)

rant

those feels

a lot of dependencies

server

success

rebuild

Ranter

Comments

2

Wombat

10620

5y

I only got an A, but I don't really understand why. 😥
3

C0D4

69514

5y

@Wombat usually key strength brings it down.

But if you have tls1.2 only, and hsts it should get it over the line for A+.
1

Wombat

10620

5y

@C0D4 ok. Still I'm too dumb to fix this. I hate devops and will satisfy with the A. 😐
2

C0D4

69514

5y

@Wombat both of these are just one liners in the config file / VirtualHosts file

HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

TLS:
SSLProtocol -all +TLSv1.2

The hard part is getting the keys down without breaking things, there’s a SO post somewhere for that, that lists them.
1

Wombat

10620

5y

@C0D4 is this the case for Nginx, too?
2

C0D4

69514

5y

@Wombat I haven’t had the pleasure of using Nginx. But I wouldn’t think it would be to dissimilar. After all it’s just a header.

A quick google search shows very similar changes

https://askubuntu.com/questions/...

https://nginx.com/blog/...
1

Wombat

10620

5y

@C0D4 merci! <3

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service