Qualys SSL test | config, F sites @ Slo-Tech

Forum » Operacijski sistemi »
Qualys SSL test | config, F sites

Qualys SSL test | config, F sites

HotBurek :: 25. jan 2019, 21:38

Pozdravljeni.

Zanima me, če uporabljate Qualys SSL za testiranje postavitve https strežnika, kakšen config uporabljate, ter kakšne F rated strani ste že našli.

4x 100% config za nginx 1.15.8:

server {
        listen 127.0.0.1:443 http2 ssl;

        server_name example.com;
        server_tokens off;

        add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        root /var/www/html/example.com/;

        ssl_certificate /var/certificates/example.com.pem;
        ssl_certificate_key /var/certificates/example.com.key;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';

        ssl_session_cache shared:TLS:2m;
        ssl_buffer_size 4k;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 193.2.1.72 193.2.1.66 valid=300s;
        resolver_timeout 5s;

        ssl_ecdh_curve secp384r1;

        ssl_dhparam /etc/nginx/dhparam.pem;

        location / {
                try_files $uri /index.html =404;
        }

        access_log /var/log/nginx/example.com/access-https.log;
        error_log /var/log/nginx/example.com/error-https.log;
}

Rezultat:

https://www.ssllabs.com/ssltest/analyze...

root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window

Vredno ogleda ...

	Tema	Sporočila	Ogledi	Zadnje sporočilo
	Tema	Sporočila	Ogledi	Zadnje sporočilo
»	Javascript DOM based XSS vulnerability Joze_K Oddelek: Programiranje	15	3381 (2803)	MrStein 14. feb 2020 21:52:33
»	Firefox mi ne dovoli dostopa do NLB Klik twom Oddelek: Informacijska varnost	11	9582 (6885)	Twixz 7. maj 2018 12:24:37
»	Nginx ne pošlje vseh HTTP headerjev poweroff Oddelek: Izdelava spletišč	5	1331 (1198)	BaRtMaN 21. sep 2017 14:22:50
»	Slo tech nepodprt protokol gapoking Oddelek: Pomoč in nasveti	5	1439 (1356)	gapoking 3. apr 2017 18:20:55
»	UKC Ljubljana kot nova slovenska potemkinova vas za blagor naroda Primoz Oddelek: Novice / Varnost	30	10301 (7489)	Saul Goodman 30. mar 2017 19:41:56

Več podobnih tem

Zadnje novice

Zadnji članki

Išči:

Forum » Operacijski sistemi »
Qualys SSL test | config, F sites

Qualys SSL test | config, F sites

Qualys SSL test | config, F sites

HotBurek :: 25. jan 2019, 21:38

Vredno ogleda ...

Javascript DOM based XSS vulnerability

Firefox mi ne dovoli dostopa do NLB Klik

Nginx ne pošlje vseh HTTP headerjev

Slo tech nepodprt protokol

UKC Ljubljana kot nova slovenska potemkinova vas za blagor naroda

Forum » Operacijski sistemi » Qualys SSL test | config, F sites

Qualys SSL test | config, F sites

Qualys SSL test | config, F sites

HotBurek :: 25. jan 2019, 21:38

Vredno ogleda ...

Forum » Operacijski sistemi »
Qualys SSL test | config, F sites