18
C0D4
6y

There’s no better feeling than doing a full server rebuild, modifying several projects heavily to be portable and keep working under new infrastructure and losing access to dependent systems.

Migrating everything across, firing up Apache.... and BAM the fucker just works and SSL Labs gives it an A (it was a giant F with multiple vulnerabilities yesterday on the old server)

Comments
  • 2
    I only got an A, but I don't really understand why. 😥
  • 3
    @Wombat usually key strength brings it down.

    But if you have TLS 1.2 only, and HSTS, it should get it over the line for A+.
  • 1
    @C0D4 ok. Still I'm too dumb to fix this. I hate devops and will be satisfied with the A. 😐
  • 2
    @Wombat both of these are just one liners in the config file / VirtualHosts file

    HSTS
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

    TLS:
    SSLProtocol -all +TLSv1.2

    The hard part is getting the keys down without breaking things, there’s a SO post somewhere for that, that lists them.
  • 1
    @C0D4 is this the case for Nginx, too?
  • 2
    @Wombat I haven’t had the pleasure of using Nginx. But I wouldn’t think it would be too dissimilar. After all it’s just a header.

    A quick google search shows very similar changes

    https://askubuntu.com/questions/...

    https://nginx.com/blog/...
  • 1
    @C0D4 merci! <3
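
An added example, not part of the original thread: a small offline check that reads Apache config text and reports whether the two one-liners quoted above (`SSLProtocol` and the HSTS `Header`) are in effect. The expansion of `all` and the rule that a bare protocol token replaces the set are assumptions about mod_ssl; `SAMPLE` is a constructed vhost.

```python
import shlex

# Assumption: what "all" expands to depends on the Apache/OpenSSL build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
GROUPS = {"all": ALL, **{p.lower(): {p} for p in ALL}}
# Constructed sample: the two one-liners from the thread inside a vhost.
SAMPLE = '''<VirtualHost *:443>
    SSLProtocol -all +TLSv1.2
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
</VirtualHost>'''

def enabled_protocols(args):
    """Resolve SSLProtocol arguments, left to right, to the enabled set."""
    enabled = set()
    for token in args.split():
        group = GROUPS[token.lstrip("+-").lower()]  # KeyError if unknown
        if token[0] == "+":
            enabled = enabled | group
        elif token[0] == "-":
            enabled = enabled - group
        else:  # assumed mod_ssl behaviour: a bare token replaces the set
            enabled = set(group)
    return enabled

def parse_hsts(value):
    """Map directive name -> argument; a trailing ';' yields no entry."""
    parts = (p.strip().partition("=") for p in value.split(";") if p.strip())
    return {name.strip().lower(): arg.strip().strip('"') for name, _, arg in parts}

def audit(conf):
    """Return findings for Apache config text; an empty list passes."""
    protocols, hsts, findings = None, {}, []
    for line in conf.splitlines():
        words = shlex.split(line) if not line.lstrip().startswith("#") else []
        if words and words[0].lower() == "sslprotocol":
            protocols = enabled_protocols(" ".join(words[1:]))
        elif words and words[0].lower() == "header" \
                and "strict-transport-security" in line.lower():
            hsts = parse_hsts(words[-1])
    legacy = sorted((protocols or set()) - {"TLSv1.2", "TLSv1.3"})
    if protocols is None:
        findings.append("no SSLProtocol directive found")
    elif legacy:
        findings.append("legacy protocols enabled: " + ", ".join(legacy))
    age = hsts.get("max-age", "")
    if not (age.isdecimal() and int(age) > 0):
        findings.append("no HSTS header with a non-zero max-age")
    return findings
```

`audit(SAMPLE)` returns an empty list; a config with `SSLProtocol all -SSLv3` and no HSTS header returns two findings.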