ssllabs A+ rating
alex at samad.com.au
Fri Nov 4 22:57:43 UTC 2016
Agree on the blindly following. But its good to know how to get there
I also try this
tls/ssl compression is it worth it ? I have gzip setup, but I am guess
tls/ssl compression is over the top.
and know I have to read up about hsts and weather we need it or not :)
So at current $job we still need tls1.0 because our clients need it...
On 5 November 2016 at 08:28, Robert Paprocki
<rpaprocki at fearnothingproductions.net> wrote:
> https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html is a pretty
> decent write-up.
> IME, you need to present an HSTS header, otherwise an A+ is never awarded
> even with the strictest cipher suite and largest keys and DH primes.
> To be frank though, achieving an A+ is not a very very worthwhile goal; yes,
> setting up strong crypto is _very_ important, but what's more important is
> understanding what you're configuring and why, not just reading a guidebook.
> May I also offer another tool for checking TLS configs:
> https://github.com/rbsec/sslscan, if only to have another source for
> verifying TLS configs (IMO, relying exclusively on one single opinion, e.g.
> Qualsys, as THE authoritative source of truth for a 'proper' secure config
> is dangerous).
> On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <alex at samad.com.au> wrote:
>> Any one got a write up on how to get a A+ from this site.
>> I can get a A and I have to support tls1.0 which might be dragging me down
>> nginx mailing list
>> nginx at nginx.org
> nginx mailing list
> nginx at nginx.org
More information about the nginx