Comments (3)
Hi,
As for the SSL checking, here is the offline tool used:
https://github.com/rbsec/sslscan/
and to enhance the checks reported by the internet.nl website, here is what needs to be accomplished:
- to have an IPv6 address for the web server
- sign the domain name with DNSSEC
- implement HSTS policy (HTTP Strict Transport Security)
- secure the Diffie-Hellman/DH-1024 key exchange (see https://security.stackexchange.com/questions/5487/is-1024bit-diffie-hellman-key-exchange-secure and https://weakdh.org/ )
- add a valid DANE record to the domain
Thanks a lot for your website
from thebestmotherfuckingwebsite.
Seems good now. I'll leave this issue open for discussion.
My current nginx config:
server
{
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    expires $expires;
    server_name thebestmotherfucking.website www.thebestmotherfucking.website;
    ssl_certificate /etc/letsencrypt/live/thebestmotherfucking.website/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/thebestmotherfucking.website/privkey.pem;
    include snippets/gzip.conf;
    include snippets/ssl_best.conf;
    server_tokens off;
    location /
    {
        autoindex on;
        root "/srv/html/thebestmotherfuckingwebsite/dist/";
        include "/etc/nginx/cors.conf";
    }
}

# SSL CONFIG
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
# Declared once: nginx rejects a second ssl_session_cache in the same context as a duplicate.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Custom DH group for the EDH cipher suites listed above.
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ecdh_curve secp384r1;
#ssl_session_tickets off;
# "always" sends the HSTS header on error responses as well.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# OCSP stapling; the resolver is used to look up the OCSP responder.
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;
add_header X-Frame-Options SAMEORIGIN;
add_header Referrer-Policy "same-origin";
from thebestmotherfuckingwebsite.
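An added example, not part of the thread or the site's own code: a small Python audit of the checklist items from the first comment that can be read from nginx configuration (IPv6 listener, TLS protocol versions, DH parameters, HSTS). DNSSEC and DANE live in DNS and are outside its scope; the sample config, the one-year `MIN_HSTS_AGE` threshold and the helper names `directives` and `audit` are assumptions made for illustration.

```python
import re

# Constructed sample (not the poster's file): TLSv1 on, no ssl_dhparam, no IPv6, weak HSTS.
SAMPLE = """
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
    add_header Strict-Transport-Security "max-age=300; includeSubDomains";
}
"""
MIN_HSTS_AGE = 31536000  # assumption: one year, the max-age used in the posted config

def directives(conf):
    """Yield (name, args) per directive; quoted args may contain ';', nesting is ignored."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop full-line comments
    stmt = []
    for tok in re.findall(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}]+', conf):
        if tok not in (";", "{", "}"):
            stmt.append(tok)
        elif stmt:
            yield stmt[0], [t.strip("\"'") for t in stmt[1:]]
            stmt = []

def audit(conf):
    """Return findings for the checklist items that are visible in nginx config."""
    found = list(directives(conf))
    args = lambda name: [a for n, a in found if n == name]
    out = []
    if not any(a and a[0].startswith("[") for a in args("listen")):
        out.append("no IPv6 listen directive")
    protos = {p for a in args("ssl_protocols") for p in a}
    weak = protos & {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
    if weak:
        out.append("legacy protocols: " + " ".join(sorted(weak)))
    ciphers = " ".join(c for a in args("ssl_ciphers") for c in a)
    # No ssl_dhparam: nginx before 1.11.0 used built-in 1024-bit params, later ones skip DHE.
    if re.search(r"(?<!!)\b(?:EDH|DHE)\b", ciphers) and not args("ssl_dhparam"):
        out.append("DHE ciphers listed but ssl_dhparam not set")
    hsts = [a for a in args("add_header") if a and a[0].lower() == "strict-transport-security"]
    if not hsts:
        out.append("no HSTS header")
    for a in hsts:
        m = re.search(r"max-age=(\d+)", a[1] if len(a) > 1 else "")
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            out.append("HSTS max-age below one year")
        if "always" not in a[2:]:
            out.append("HSTS header not sent on error responses (no 'always')")
    return out
```

Calling `audit(SAMPLE)` returns five findings; the directives posted in the comment above produce none.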
Will do, thank you :)
from thebestmotherfuckingwebsite.