Jump to content

Search the Community

Showing results for tags 'webserver'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me

Found 2 results

  1. A website with security-aware topics should really be a good example. In your case it is only good, but does not use security features, which it should use or which it might use as a site about encryption. So the SSL config is okay, but there are a few things to mention: You're missing the HSTS header. When you add it you'll get an A+ on SSLLabs. You're sending the root cert, which is unnecessary. You're not sending an intermediate certificate, which is neccessary. Currently this can cause connection failures. OCSP stapling would be a nice thing to add. Additionally you should really add some security headers and please consider using HPKP and CSP.
  2. The latest nginx version 1.11.0 now also supports hybrid RSA/ECDSA certificates now. ECDSA certificates are the fast and secure successor of RSA certificates, but only recent clients (aka browsers) currently support them.
  • Create New...