Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
C0D4669446y@Wombat usually key strength brings it down.
But if you have tls1.2 only, and hsts it should get it over the line for A+. -
Wombat102476y@C0D4 ok. Still I'm too dumb to fix this. I hate devops and will satisfy with the A. 😐
-
C0D4669446y@Wombat both of these are just one liners in the config file / VirtualHosts file
HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
TLS:
SSLProtocol -all +TLSv1.2
The hard part is getting the keys down without breaking things, there’s a SO post somewhere for that, that lists them. -
C0D4669446y@Wombat I haven’t had the pleasure of using Nginx. But I wouldn’t think it would be to dissimilar. After all it’s just a header.
A quick google search shows very similar changes
https://askubuntu.com/questions/...
https://nginx.com/blog/...
Related Rants
There’s no better feeling then doing a full server rebuild, modifying several projects heavily to be portable and keep working under new infrastructure and loosing access to dependent systems.
Migrating everything across, firing up Apache.... and BAM the fucker just works and ssl labs gives it an A (it was a giant F with multiple vulnerabilities yesterday on the old server)
rant
those feels
a lot of dependencies
server
success
rebuild