  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    14,981

    [Tutorial] Strong SSL Security

    Strong SSL Security on lighttpd

    14-06-2015 | Remy van Elst
    This tutorial shows you how to set up strong SSL security on the lighttpd webserver. We do this by updating OpenSSL to the latest version to mitigate attacks like Heartbleed, disabling SSL Compression and EXPORT ciphers to mitigate attacks like FREAK, CRIME and LogJAM, disabling SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future-proof SSL configuration and we get an A+ on the Qualys Labs SSL Test.



    Strong SSL Security on nginx


    14-06-2015 | Remy van Elst
    This tutorial shows you how to set up strong SSL security on the nginx webserver. We do this by updating OpenSSL to the latest version to mitigate attacks like Heartbleed, disabling SSL Compression and EXPORT ciphers to mitigate attacks like FREAK, CRIME and LogJAM, disabling SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future-proof SSL configuration and we get an A+ on the Qualys Labs SSL Test.



    Strong SSL Security on Apache2


    14-06-2015 | Remy van Elst
    This tutorial shows you how to set up strong SSL security on the Apache2 webserver. We do this by updating OpenSSL to the latest version to mitigate attacks like Heartbleed, disabling SSL Compression and EXPORT ciphers to mitigate attacks like FREAK, CRIME and LogJAM, disabling SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future-proof SSL configuration and we get an A+ on the Qualys Labs SSL Test.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    14,981

    A word of warning

    Code:
    setenv.add-response-header = (
             "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
             "X-Frame-Options" => "DENY",
             "X-Content-Type-Options" => "nosniff"
     )
    The recommended configuration breaks RoundCube. I suppose many other implementations as well.

    To be able to use RC, I reduced the clickjacking protection by changing the line highlighted in red to:

    Code:
     "X-Frame-Options" => "SAMEORIGIN",
    which seems to accommodate what RC needs:

    http://trac.roundcube.net/changeset/c170bfc9/github
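
A header audit for the two configurations in post #2, as an added example that is not part of the original posts or the tutorials: it checks a response's HSTS, X-Frame-Options and X-Content-Type-Options values, with a per-site switch that accepts SAMEORIGIN only where same-origin framing is needed (as for RoundCube). The function names, the six-month minimum `max-age` and the sample header sets are assumptions constructed for illustration.

```python
# Constructed samples: the headers each lighttpd variant from the post would emit.
STRICT = {
    "Strict-Transport-Security": "max-age=63072000; includeSubdomains; preload",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
WEBMAIL = dict(STRICT, **{"X-Frame-Options": "SAMEORIGIN"})


def parse_hsts(value):
    """Return (max_age, flags); max_age is None when absent or not an integer."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdecimal() else None
        elif name:
            flags.add(name)
    return max_age, flags


def audit(headers, allow_same_origin_framing=False, min_age=15768000):
    """Return findings for one response; an empty list means the policy is met.

    min_age (six months, in seconds) is an assumed threshold, not from the post.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    max_age, flags = parse_hsts(h.get("strict-transport-security", ""))
    if max_age is None or max_age < min_age:
        findings.append("HSTS missing or max-age too short")
    elif "preload" in flags and "includesubdomains" not in flags:
        findings.append("HSTS preload without includeSubDomains")
    # DENY is always acceptable; SAMEORIGIN only where the site frames itself.
    allowed = {"DENY"} | ({"SAMEORIGIN"} if allow_same_origin_framing else set())
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in allowed:
        findings.append("X-Frame-Options is %r, expected one of %s"
                        % (xfo, sorted(allowed)))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


if __name__ == "__main__":
    print(audit(WEBMAIL))                                   # flagged under the strict policy
    print(audit(WEBMAIL, allow_same_origin_framing=True))   # accepted for the webmail host
```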
