CHAT about SSL (https)

#4975 (In Topic #1109)
Standard member
ironfeather is in the usergroup ‘Well-settled’

tips, and solutions to make your site SSL

Hello,

Just spent a bunch of time to get my site working with SSL (https) properly and learned many things and can help anyone else doing the same thing.

I host my site on my own DIY server (Ubuntu & Apache) so I had to sort it all out, but now according to:

SSL Server Test (Powered by Qualys SSL Labs)

My site has a score of: B

I am curious how your site is ranked? If you are on a professional server my guess is they have it set up fine.

Another site that gives details about SSL settings of your site:

SSL Decoder

For fun I tested Composr CMS: Content Management meets social media

ranked: B

ssldecoder.org warns about HTTP Strict Transport Security not set. OCSP Stapling not enabled.

Some good tutorials I found:

Configuring Apache, Nginx, and OpenSSL for Forward Secrecy

SSL Enabling Forward Secrecy | DigiCert.com

ssl - Let's Encrypt - Apache - OCSP stapling - Unix & Linux Stack Exchange




 

———–
Publisher of IronFeather Journal since 1987.  Host of KGNU Colorado Radio for 20 years. 
Currently in Japan & decided to focus on Composr as my number one CMS.
Composr site for community of Hokkaido:  Nandalow.com
Composr site for my freelance work: Futurecode.jp
My Composr edits:
http://ironfeather.com/bbs/viewtopic.php?f=12&t=2862
Twitter: https://twitter.com/futurecodejp

 
#4989
Site director
Chris Graham is in the usergroup ‘Administrators’
“ssldecoder.org warns about HTTP Strict Transport Security not set. OCSP Stapling not enabled.”

We are redirecting http traffic to https, which is equivalent.
IIRC this is done via our .htaccess file.

I think to get top grade on these kinds of tools you usually need to sacrifice some browser compatibility, or suffer slower initial handshake times connecting. It gets pretty complicated.


Become a fan of Composr on Facebook or add me as a friend. Add me on Twitter. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#5015
Joe
Standard member
Joe is in the usergroup ‘Honoured member’
Mine ranked A.

Not sure why the difference.

#5019
Site director
Chris Graham is in the usergroup ‘Administrators’
It's more of a web server configuration thing than a Composr thing. You can configure Apache (for example) to specify exactly what ciphers and protocols to allow. Some of them are very insecure, so having them enabled opens up various kinds of attack.


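The server-side settings this thread touches on (allowed protocols and ciphers, HSTS, OCSP stapling), as an added example that is not part of any post above: a small Python check over Apache mod_ssl directives. The two config fragments are constructed samples, and the cipher test is a simple heuristic on the OpenSSL cipher string, not a full parser.

```python
# Constructed sample Apache mod_ssl fragments (assumptions, not from any real server).
WEAK = """
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!aNULL:RC4+RSA
"""
HARDENED = """
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5
SSLHonorCipherOrder on
# SSLStaplingCache must also be defined once, outside the <VirtualHost> block
SSLUseStapling on
Header always set Strict-Transport-Security "max-age=31536000"
"""
LEGACY = ("sslv3", "tlsv1", "tlsv1.1")       # protocol versions SSL graders penalise
EPHEMERAL = ("ECDHE", "EECDH", "DHE", "EDH")  # key exchanges that give forward secrecy

def directives(conf):
    """Map lowercased directive name -> list of argument strings, skipping comments."""
    out = {}
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return out

def audit(conf):
    """Return a list of findings for one TLS virtual host fragment."""
    d, findings, enabled = directives(conf), [], set()
    # "all" is treated conservatively as including every legacy protocol.
    for tok in " ".join(d.get("sslprotocol", ["all -SSLv3"])).lower().split():
        name = tok.lstrip("+-")
        names = LEGACY if name == "all" else (name,)
        (enabled.difference_update if tok.startswith("-") else enabled.update)(names)
    findings += [f"legacy protocol enabled: {p}" for p in LEGACY if p in enabled]
    # Heuristic: every positive cipher term should name an ephemeral key exchange.
    for tok in " ".join(d.get("sslciphersuite", ["DEFAULT"])).split(":"):
        if tok[:1] not in "!-" and not any(k in tok.upper() for k in EPHEMERAL):
            findings.append(f"cipher term not limited to ephemeral key exchange: {tok}")
    if not any("strict-transport-security" in a.lower() for a in d.get("header", [])):
        findings.append("HSTS header not set")
    if [a.lower() for a in d.get("sslusestapling", [])][-1:] != ["on"]:
        findings.append("OCSP stapling not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

Dropping TLSv1 and TLSv1.1 and restricting ciphers to ECDHE suites is where older clients can lose the ability to connect.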