mk · 3453 days ago · post: Hello Hubski, you might want to fix your SSL certificates
Thanks. It's on the short list. I never liked how people make their hair into balls like that.
You can get above C by disabling SSLv3 and maybe above B if you fix the ciphers, and other than that you just have to make a new cert signed with SHA2. Actually the intermediate cert is weak too so I dunno. Maybe a different CA. StartSSL is good. Free. Here's my config (nginx) that gets me A+ (along with a strong cert):
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
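
An added example, not part of the original comment and not the poster's code: a small Python check that reads the `ssl_protocols` and `ssl_ciphers` directives from nginx config text, flags SSLv2/SSLv3, and expands the cipher string with the local OpenSSL build to look for anonymous, MD5, RC4 or NULL suites. The helper names and `WEAK_CONF` are made up for illustration, and the expanded suite list depends on the OpenSSL version Python is linked against.

```python
import re
import ssl

# The ssl_protocols / ssl_ciphers lines from the comment above.
PAGE_CONF = """
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
"""
# Constructed sample of a config that still offers SSLv3.
WEAK_CONF = "ssl_protocols SSLv3 TLSv1;\nssl_ciphers HIGH:!aNULL;\n"

def directive(conf, name):
    """Return the arguments of the last `name ...;` directive, or None."""
    hits = re.findall(r"^\s*%s\s+([^;]+);" % re.escape(name), conf, re.M)
    return hits[-1].split() if hits else None

def expand_ciphers(cipher_string):
    """Suites the local OpenSSL build selects for an ssl_ciphers string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()

def audit(conf):
    """Return a list of findings for one nginx TLS configuration."""
    findings = []
    protocols = directive(conf, "ssl_protocols")
    if protocols is None:
        findings.append("ssl_protocols not set: nginx defaults apply")
    else:
        for p in protocols:
            if p.upper() in ("SSLV2", "SSLV3"):
                findings.append("protocol %s is enabled" % p)
    ciphers = directive(conf, "ssl_ciphers")
    if ciphers:
        for suite in expand_ciphers(ciphers[0]):
            name = suite["name"]
            # Anonymous key exchange, or a suite name carrying a weak primitive.
            if suite.get("auth") == "auth-null" or re.search(r"MD5|RC4|NULL", name):
                findings.append("weak suite selected: " + name)
    return findings

if __name__ == "__main__":
    for label, conf in (("page config", PAGE_CONF), ("weak sample", WEAK_CONF)):
        print(label, "->", audit(conf) or "no findings")
```

This only inspects the config text; the certificate's signature algorithm and the intermediate certificate mentioned in the comment have to be checked on the certificate files themselves.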