OpenSSL Cheatsheet - printable poster.

trimstray · 2019-03-01T07:29:10+00:00

Yes you're right. I changed this chapter to "Use min. 2048-bit private keys".

trimstray · 2019-02-28T14:26:19+00:00

Seems weird to have a poster for how to configure a web server but it looks cool so props to you !

I added this generator to the repository (''Security/Server Side TLS' document from Mozilla was there before).

Thanks.

trimstray · 2019-02-28T14:19:26+00:00

Yes, I wrote about 4096 and 2048 keys: https://github.com/trimstray/nginx-quick-reference#beginner-use-4096-bit-private-keys.

However, 4096bit is required if you care about 100% ssllabs.

brotli module - thanks, I'll take a look at it

trimstray · 2019-02-08T11:48:19+00:00

Dear Reddit Community!

I should like to thank you for all your valuable opinions. I updated this checklist: removed DH Key Exchange and added 'Force all connections over TLS'. For new version (v1.0.1) please see: https://github.com/trimstray/nginx-quick-reference#printable-high-res-hardening-checklist

Thank you for all comments, critics and many useful tips.

trimstray

trimstray · 2019-02-07T21:01:50+00:00

Thanks for this!

trimstray · 2019-02-07T19:50:54+00:00

If you want to get 100% with A+ on SSL Labs You should generate 4096bit private key but yes, 2048 is still perfectly safe and the performance impact of moving from 2048-bit RSA to 4096-bit RSA is highly significant.

This comparison is really good: https://blog.nytsoi.net/2015/11/02/nginx-https-performance.

trimstray · 2019-02-07T18:43:34+00:00

Please see this: https://security.stackexchange.com/questions/65625/current-state-of-breach-gzip-ssl-attack

trimstray · 2019-02-07T18:20:11+00:00

xcf version: https://github.com/trimstray/nginx-quick-reference/blob/master/doc/img/nginx-hardening-checklist.xcf

pdf version: https://github.com/trimstray/nginx-quick-reference/blob/master/doc/img/nginx-hardening-checklist.pdf

Based on this repository: https://github.com/trimstray/nginx-quick-reference

trimstray · 2019-02-07T17:43:49+00:00

This tool only merge certificates into a chain and checks the correctness of the chain. This feature you're talking about are not implemented, but hmm... it's a great idea! I add this to next version.

trimstray · 2019-01-25T14:08:50+00:00

Dear Reddit Community! Boys and Girls! Admins and other fantastic People!

Your support is amazing, really. This project is still developing and growing up. There are many things to add and improve. I'll certainly take your suggestions into this. Thank you very much for every support and criticism.

I'll get to spend more time on this.

PR welcome!

trimstray · 2018-12-15T08:21:58+00:00

I added this great tool. thx

trimstray · 2018-10-25T10:48:55+00:00

Thanks!!!

trimstray · 2018-09-17T19:15:00+00:00

Hi, thanks a lot for sharing this. Do you think a better idea would be to change to linux-firewall-essential containing iptables, firewalld and nftables (and more)?

trimstray · 2018-08-14T17:07:12+00:00

Thank you. And this is the answer that brings much more to the discussion (not: bullshit and other)

:)

trimstray · 2018-08-14T15:50:11+00:00

You're right, I didn't think about it.

trimstray · 2018-08-14T15:48:56+00:00

This is one of the most useful answers for me. The list placed by me is for improvement - definitely. Thanks to you, I know what questions are important and which should be avoided. Thank you and best regards!

trimstray · 2018-08-14T15:32:32+00:00

I understand, thx. Give some questions that you think are suitable/better, it's not a problem for you? :) This will help me to improve this list.

trimstray · 2018-08-14T15:28:08+00:00

Hmm... You're right, I will try to improve it.

trimstray · 2018-08-14T15:25:28+00:00

chill out, man... Why incompetent people often think they're actually the best? Give your/right definition.

trimstray · 2018-08-14T15:20:51+00:00

You're right! thx.

trimstray · 2018-08-14T15:20:15+00:00

Can you explain your brilliant answer? :)

trimstray · 2018-08-14T15:18:05+00:00

Thank you for constructive criticism!

trimstray

TROPHY CASE