- Nov 04, 2022
-
-
nimrod authored
-
- Jul 30, 2022
-
-
nimrod authored
-
- May 07, 2022
-
-
nimrod authored
I'm getting nowhere. I still got an A+, but now I'm marked down because I don't support TLS 1.2.
-
nimrod authored
-
nimrod authored
-
nimrod authored
Marked as weak in SSL Labs' test.
-
nimrod authored
-
nimrod authored
SSL Labs' test complains that it doesn't offer forward secrecy.
-
nimrod authored
Prettier editing.
-
nimrod authored
-
nimrod authored
Up to now I supported older browsers by supporting older versions of TLS and cipher suites. I still think it makes sense for my blog, etc. but not for Nextcloud or GitLab. So here's the first step, make the previous default SSL configuration be ssl-legacy (split out the common parts to ssl-common) and next is ssl-modern.
-
- Mar 03, 2022
- Nov 10, 2021
- Sep 20, 2021
- May 31, 2021
-
-
nimrod authored
-
- May 19, 2021
-
-
nimrod authored
So I can get the real client IP in the service.
- May 14, 2021
-
-
nimrod authored
If the acme challenge is in a location block but the default redirection is not, the default always takes precedence (Nginx won't resolve the order between the different directives, but it will between different location blocks).
-
- May 02, 2021
- Apr 30, 2021
-
-
nimrod authored
-
- Apr 24, 2021
- Apr 23, 2021
-
-
nimrod authored
How can I miss the opportunity to interfere with Google in any way?
-
- Apr 21, 2021
-
-
nimrod authored
-
- Apr 12, 2021
- Mar 26, 2021
- Feb 19, 2021
-
-
nimrod authored
-
- Feb 11, 2021
-
-
nimrod authored
Mainly ChaCha20. Also disable AESCCM (as per https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ it's slow and uncommon).
-