- May 07, 2022
-
nimrod authored
I'm getting nowhere. I still got an A+, but now I'm marked down because I don't support TLS 1.2.
-
nimrod authored
-
nimrod authored
-
nimrod authored
Marked as weak in SSL Labs' test.
-
nimrod authored
SSL Labs' test complains that it doesn't offer forward secrecy.
-
nimrod authored
Prettier editing.
-
nimrod authored
-
nimrod authored
Up to now I supported older browsers by supporting older versions of TLS and cipher suites. I still think it makes sense for my blog, etc., but not for Nextcloud or GitLab. So here's the first step: make the previous default SSL configuration be ssl-legacy (split out the common parts to ssl-common). Next is ssl-modern.
-
- Mar 03, 2022
- May 19, 2021
-
nimrod authored
So I can get the real client IP in the service.
- May 02, 2021
- Apr 30, 2021
-
nimrod authored
-
- Apr 24, 2021
-
nimrod authored
Snippet to redirect to https if Upgrade-Insecure-Requests is set in the request.
-
- Apr 23, 2021
-
nimrod authored
How can I miss the opportunity to interfere with Google in any way?
-
- Apr 21, 2021
-
nimrod authored
-
- Feb 11, 2021
-
nimrod authored
Mainly ChaCha20. Also disable AESCCM (as per https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ it's slow and uncommon).
-
- Feb 04, 2021
-
nimrod authored
Vouch uses the Host header for calculating the JWT but we can't override that (proxying won't work with an incorrect header). So instead it to each deployment so we don't have multiple proxies and can override the Host header.
-
- Jan 29, 2021
-
nimrod authored
Using vouch.shore.co.il.
-
- Jan 26, 2021
-
nimrod authored
-
- Jan 12, 2021
- Dec 12, 2020
- Dec 06, 2020
-
nimrod authored
- Replace file with configuration snippet.
- Allow some domains, disallow others.
-
- Dec 01, 2020
-
nimrod authored
We set it in the proxy anyway, don't send 2 Strict-Transport-Security headers.
-
- Nov 23, 2020
-
nimrod authored
-