Search the Community

Showing results for tags 'webserver'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type



Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 2 results

  1. A website with security-aware topics should really be a good example. In your case it is only good, but does not use security features, which it should use or which it might use as a site about encryption. So the SSL config is okay, but there are a few things to mention: You're missing the HSTS header. When you add it you'll get an A+ on SSLLabs. You're sending the root cert, which is unnecessary. You're not sending an intermediate certificate, which is neccessary. Currently this can cause connection failures. OCSP stapling would be a nice thing to add. Additionally you should really add some security headers and please consider using HPKP and CSP.
  2. The latest nginx version 1.11.0 now also supports hybrid RSA/ECDSA certificates now. ECDSA certificates are the fast and secure successor of RSA certificates, but only recent clients (aka browsers) currently support them.