  1. Apr 01, 2018
    • hardening SSL + HEADER (#10) · f418e811
      JOduMonT authored and Pierre Ozoux committed
      * hardening SSL + HEADER
      
      + global option == no-sslv3 no-tls-tickets force-tlsv12
      - CAMELIA CIPHER == on the way to be NIST & HIPAA Compliant
      + redirect only if not already SSL
      
      + Hardening HEADER with:
      ++ X-Frame-Options:\ SAMEORIGIN # OR DENY is another option
      ++ X-XSS-Protection
      ++ X-Content-Type-Options == nosniff
      ++ Referrer-Policy == no-referrer-when-downgrade
      
      which brings the security headers grade from E to B
      tested with https://securityheaders.io
      
      NOTE:
      Public-Key-Pins is more or less a DEAD project (https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead)
      Content-Security-Policy is tricky to make it GENERAL
      
      * I forgot the if