Multibit-Legacy / multibit-website-legacy

Website for multibit.org

Update the HTTPS configuration for web server #180

Closed gary-rowe closed 9 years ago

gary-rowe commented 9 years ago

As discussed earlier, the HTTPS configuration should be modified in accordance with the latest recommendations by Qualys SSL.

gary-rowe commented 9 years ago

Any progress on this, Jim?

jim618 commented 9 years ago

I've updated the httpd config in line with the article and done a graceful restart. Checked multibit.org, beta.multibit.org and that both Classic and MBHD can read the help.

Awaiting review and closing.

jim618 commented 9 years ago

I just restarted the httpd server (just in case the config changes were not being used by a graceful restart) and reran the Qualys SSL site test.

It is still coming in as B: https://www.ssllabs.com/ssltest/analyze.html?d=multibit.org

gary-rowe commented 9 years ago

Here's how the EFF did it for nginx: https://www.eff.org/deeplinks/2015/04/effs-updated-ssl-configuration Their cipher configuration is:

ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

jim618 commented 9 years ago

I have got the Qualys grade up to A: https://www.ssllabs.com/ssltest/analyze.html?d=multibit.org

This involved updating the OpenSSL and the httpd config. Awaiting review and closing.

gary-rowe commented 9 years ago

Verified through the link. Rating is A.

Closing with a happy smile :-)
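
An added example, not part of the original thread or the project's configuration: the cipher string quoted above expands to different suites depending on the OpenSSL build the server links against, so this sketch expands it with the local OpenSSL through Python's `ssl` module and checks that the string's exclusions hold. The names `EFF_CIPHERS`, `expand` and `audit` are this example's own.

```python
import re
import ssl

# Cipher string quoted in the thread from the EFF nginx configuration.
EFF_CIPHERS = ("ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:"
               "RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS")

# OpenSSL describes each suite as "NAME PROTO Kx=.. Au=.. Enc=.. Mac=..".
_FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for cipher_string, in order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        fields = dict(_FIELD.findall(c["description"]))
        suites.append({"name": c["name"], "protocol": c["protocol"], **fields})
    return suites


def audit(suites):
    """Map suite name -> findings. The first three are what the string's
    !ADH:!AECDH:!MD5:!DSS exclusions should prevent; the rest are review items."""
    findings = {}
    for s in suites:
        issues = []
        if s.get("Au") == "None":
            issues.append("anonymous: no server authentication")
        if s.get("Au") == "DSS":
            issues.append("DSS authentication")
        if s.get("Mac") == "MD5":
            issues.append("MD5 MAC")
        if "3DES" in s.get("Enc", ""):
            issues.append("3DES: 64-bit block cipher")
        if s.get("Kx") == "RSA":
            issues.append("RSA key exchange: no forward secrecy")
        if issues:
            findings[s["name"]] = issues
    return findings


if __name__ == "__main__":
    suites = expand(EFF_CIPHERS)
    flagged = audit(suites)
    for s in suites:
        note = "; ".join(flagged.get(s["name"], [])) or "ok"
        print(f'{s["name"]:32} {s["protocol"]:8} {note}')
```

Run on the host that serves the site, the listing shows which suites that OpenSSL build actually offers for this string; an external scan such as the Qualys test remains the check of what the running server negotiates.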