Playing with SSL settings of my apache web server for my #nextcloud
Two month ago I wrote about the benefit of using trusted SSL certs issued by Let's encrypt.
These days I read a lot of articles about hardening your webserver and SSL settings.
Reason: Being a nerd or being aroused by Vault 7 or other security topcs.
I am not a fan of big blog articles incl. 1000 words.
So please read
-
https://mozilla.github.io/server-side-tls/ssl-config-generator/ - Really, really cool tool for people want to save time to configure their webserver
Just killed TLS 1.1 some days ago. - https://observatory.mozilla.org/analyze.html - really comprehensive tool to check your server
- https://geekflare.com/httponly-secure-cookie-apache/ Be aware of your cookies.
Result of check for my cloud URL at https://www.ssllabs.com/ssltest/
Checked SSL cert of my Nextcloud.
Oktober 2015 I used self signed versions. Now there is Let's encrypt and all private cloud owners can use their certs and services for free. Really appreciate that service and every user should donate one dollar a year.
Having a A+ is really great!
Check has be done using https://www.ssllabs.com/ssltest/.
- rakekniven's blog
- Login to post comments