Skip to content
This repository has been archived by the owner on May 8, 2022. It is now read-only.

Latest commit

 

History

History
29 lines (17 loc) · 1.34 KB

File metadata and controls

29 lines (17 loc) · 1.34 KB

Cache + SSL / TLS

Description

Topic discussed the 17th of september 2013 at La Pépinière 27 in Paris

Slideshow - PDF - French version

Meetup Event

Best practices (SSLLabs)

Testing SSL configuration (SSLLabs)
e.g. https://www.ssllabs.com/ssltest/analyze.html?d=start.weaving-the-web.org

AFSY (Association francophone des utilisateurs de Symfony)

Generate your Diffie-Hellman key using following openssl command (it may take a while)

openssl dhparam -out /etc/ssl/private/dh4096.pem -5 4096

Changelog

The following changes were applied right after Benjamin Sonntag talked about SSL/TLS at La Cantine in Paris on the 20th of Septembre 2013 :

  • Reduction of the cipher suites list offered by the SSL proxy (nginx)
  • SSL v3.0 has been removed from the list of protocols offered by the SSL proxy
  • A Diffie-Hellman key directive has been added to the SSL proxy configuration (Perfect Forward Secrecy)
  • A HTTP Strict Transport Security directive has been added to the SSL proxy configuration (nginx)