Tag Archives: TLS
Just had the need to quickly check if the certificate of a domain was revoked or not, and found this tutorial: OpenSSL: Manually verify a certificate against a CRL Well done, but two problems: If the server doesn’t send all certificates (including the root CA), the verify process will fail Too much to type… So i quickly created a bash … Continue reading
Last week i received access to Let’s Encrypts beta, and therefore was able to generate some certificates which are fully accepted by any modern browser. Because of that, nethack.ch will be SSL only from now on. Let’s Encrypt should be GA around the 16th of November 2015. So, get ready to deploy SSL to your sites.
The default configuration of SSL is fine on most Linux distributions (you will get an A-Rating at SSL Labs), but still could be done a lot better and more secure. Goals we want to achieve: Enable Perfect Forward Secrecy (PFS) Enable HTTP Strict Transport Security (HSTS) Disable SSLv2 and SSLv3 PCI compliant FIPS-ready (optional) Don’t break IE… NOTE: the configuration below will … Continue reading