- 07 May, 2022 9 commits
-
-
nimrod authored
I'm getting nowhere. I still got an A+, but now I'm marked down because I don't support TLS 1.2.
-
nimrod authored
-
nimrod authored
-
nimrod authored
Marked as weak in SSL Labs' test.
-
nimrod authored
-
nimrod authored
SSL Labs' test complains that it doesn't offer forward secrecy.
-
nimrod authored
Prettier editing.
-
nimrod authored
-
nimrod authored
Up to now I supported older browsers by supporting older versions of TLS and cipher suites. I still think it makes sense for my blog, etc. but not for Nextcloud or GitLab. So here's the first step, make the previous default SSL configuration be ssl-legacy (split out the common parts to ssl-common) and next is ssl-modern.
-
- 03 Mar, 2022 4 commits
- 10 Nov, 2021 2 commits
- 20 Sep, 2021 2 commits
- 31 May, 2021 1 commit
-
-
nimrod authored
-
- 19 May, 2021 2 commits
-
-
nimrod authored
So I can get the real client IP in the service.
- 14 May, 2021 1 commit
-
-
nimrod authored
If the acme challenge is in a location block but the default redirection is not, the default always takes precedence (Nginx won't resolve the order between the different directives, but it will between different location blocks).
-
- 02 May, 2021 3 commits
- 30 Apr, 2021 1 commit
-
-
nimrod authored
-
- 24 Apr, 2021 4 commits
- 23 Apr, 2021 1 commit
-
-
nimrod authored
How can I miss the opportunity to interfere with Google in any way?
-
- 21 Apr, 2021 1 commit
-
-
nimrod authored
-
- 12 Apr, 2021 2 commits
- 26 Mar, 2021 3 commits
- 19 Feb, 2021 1 commit
-
-
nimrod authored
-
- 11 Feb, 2021 1 commit
-
-
nimrod authored
Mainly ChaCha20. Also disable AESCCM (as per https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ it's slow and uncommon).
-
- 04 Feb, 2021 1 commit
-
-
nimrod authored
Vouch uses the Host header for calculating the JWT but we can't override that (proxying won't work with an incorrect header). So instead it to each deployment so we don't have multiple proxies and can override the Host header.
-
- 30 Jan, 2021 1 commit
-
-
nimrod authored
-