[guardian-dev] https connection to guardianproject's blog

Lee Azzarello lee at guardianproject.info
Fri Jan 31 11:02:08 EST 2014


I know this hosting company that gives you a VM that works like a real
computer.

Openhosting.com

Probably worth it since I have physical access to the racks. That's better
trust than you'll get at any other cloud hosting company.

-lee

On Friday, January 31, 2014, Hans-Christoph Steiner <
hans at guardianproject.info> wrote:

>
>
> On 01/31/2014 08:42 AM, Matej Kovacic wrote:
> > Hi,
> >
> >> https://guardianproject.info/blog results in "Error establishing a
> >> database connection"
>
> Yup, it's down, and the person with admin access is traveling in a far away
> land...
>
>
> > BTW, there is a SSL test:
> > https://www.ssllabs.com/ssltest/analyze.html?d=guardianproject.info
> >
> > My recommendation is to enable TLS 1.1 and TLS 1.2 and disable SSL 3,
> > enable Perfect Forward Secrecy (in Apache you can use parameter
> > SSLDHParametersFile, but only from Apache 2.4.2
> > /etc/apache2/ssl/dhparam_4096.pem.
> >
> > I would also recommend to enable Strict Transport Security (add this
> > into Apache config: Header add Strict-Transport-Security
> > "max-age=31536000").
> >
> > There are also some certification paths issues, it seems you need to
> > add intermediate certificate to your Apache config. I would also
> > recommend to update OpenSSL (Lucky 13 attack is mitigated since 1.0.1
> > version).
> >
> > It seems you have SSLHonorCipherOrder On, but to mitigate BEAST and
> > some other attacks I would recommend to add this parameter in your
> > Apache config:
> >
> > SSLCipherSuite
> > 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>
> These are all things we want to do, but we don't have control over that
> part. It's an old school web hosting package from our friends at
> mayfirst.org. So we're asking them if this stuff can be improved.
>
> .hc
>
> --
> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>
>
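
An added example, not part of the original thread and not any Guardian Project or May First configuration: a small Python audit that checks an Apache vhost against the recommendations quoted above (SSL 3 off, TLS 1.1 and 1.2 on, forward-secret key exchange, HSTS, intermediate certificate). The sample config, the function names, the meaning given to `all`, and the use of SSLCertificateChainFile as the sign of a configured intermediate are assumptions.

```python
import shlex

# Constructed sample vhost (not the real guardianproject.info configuration).
SAMPLE = """
<VirtualHost *:443>
    SSLProtocol all -SSLv2
    SSLHonorCipherOrder On
    SSLCertificateFile /etc/apache2/ssl/example.crt
</VirtualHost>
"""
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}  # assumed meaning of "all" in 2014-era mod_ssl

def directives(conf):
    """Map lower-cased directive name -> list of argument lists, skipping comments and section tags."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            found.setdefault(name.lower(), []).append(args)
    return found

def enabled_protocols(args):
    """Simplified model of SSLProtocol: +x adds, -x removes, a bare word replaces the set."""
    enabled = set()
    for word in (a.lower() for a in args):
        sign, name = (word[0], word[1:]) if word[0] in "+-" else ("", word)
        chosen = ALL if name == "all" else {name}
        if sign == "-":
            enabled = enabled - chosen
        else:
            enabled = (enabled | chosen) if sign == "+" else set(chosen)
    return enabled

def audit(conf):
    """Return the thread's recommendations that the config does not meet (last directive wins)."""
    d = directives(conf)
    protos = enabled_protocols(d.get("sslprotocol", [["all"]])[-1])
    # Substring check only: it does not evaluate "!" exclusions in the cipher string.
    ciphers = " ".join(d.get("sslciphersuite", [[""]])[-1]).upper()
    hsts = any("strict-transport-security" in " ".join(a).lower() for a in d.get("header", []))
    checks = [
        ("sslv3" in protos, "SSLv3 is enabled"),
        (not {"tlsv1.1", "tlsv1.2"} <= protos, "TLS 1.1 and TLS 1.2 are not both enabled"),
        (not any(k in ciphers for k in ("EDH", "EECDH", "DHE")), "no forward-secret key exchange in SSLCipherSuite"),
        (not hsts, "no Strict-Transport-Security header"),
        ("sslcertificatechainfile" not in d, "no intermediate certificate (SSLCertificateChainFile)"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
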