Categories
English Feeds

Francois Marier: Ideal OpenSSL configuration for Apache and nginx

After recently reading a number of SSL/TLS-related articles, I decided to experiment and look for the ideal OpenSSL configuration for Apache (using mod_ssl since I haven’t tried mod_gnutls yet) and nginx.

By “ideal” I mean that this configuration needs to be compatible with most user agents likely to interact with my website as well as being fast and secure.

Here is what I came up with for Apache:

SSLProtocol TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!kEDH

and for nginx:

ssl_protocols  TLSv1;
ssl_ciphers RC4-SHA:HIGH:!kEDH;
ssl_prefer_server_ciphers on;

Cipher and protocol selection

In terms of choosing a cipher to use, this configuration does three things:

Testing tools

The main tool I used while testing various configurations was the SSL labs online tool. The CipherFox extension for Firefox was also quite useful to quickly identify the selected cipher.

Of course, you’ll want to make sure that your configuration works in common browsers, but you should also test with tools like wget, curl and httping. Many of the online monitoring services are based on these.

Other considerations

To increase the performance and security of your connections, you should ensure that the following features are enabled:

  • SSL session caching with a session store shared between all of your web servers
  • HSTS headers to let browsers know that they should always visit your site over HTTPS
Note: If you have different SSL-enabled name-based vhosts on the same IP address (using SNI), make sure that their SSL cipher and protocol settings are identical.
Categories
English Feeds

Transportation stuff from delicious

[INFOGRAPHIC] 100 Year Old Infographics

A new exhibit at London’s Transport Museum, features a whole bunch of infographic posters all arguing the benefits of public transportation in a decidedly early 1900s style.

Here we are barrelling towards 2012 and living in the future. We invented the Internet, we invented social media, we invented FarmVille, we probably invented too, right? Wrong. Infographics have been around for a long while, as far back as early last century and probably even further back than that. , features a whole bunch of infographicy posters all arguing the benefits of public transportation in a decidedly early 1900s style.

Here we are barrelling towards 2012 and living in the fut …


[INFOGRAPHIC] The Greenest Way to Travel

With Benzinga’s Value Investor, you will receive expert analysis of the most under-the-radar stocks and learn about unique opportunities for realizing profits through long-term trades with minimal downside risk. Try Value Investors free today!