www.ssllabs.com testing: B. What can be done?


#1

The weakest area was Key Exchange. Is that something I need to be concerned with?


#2

Do you mean this?

If so, the main problem is the lack of forward secrecy. This means that if your private key was ever compromised, the attacker would be able to decrypt any of your old traffic that they had previously recorded. With forward secrecy they can only decrypt traffic starting from the moment they obtain your key.

Mozilla’s configuration generator can help with generating better configuration for your web server. The main thing you want is the section beginning # modern/intermediate configuration. Tweak to your needs.
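An added example, not part of the original post: a small audit of an nginx `ssl_ciphers` line that separates suites with ephemeral (EC)DHE key exchange, which give forward secrecy, from suites without it. The sample configs and the names `classify` and `audit` are constructed for illustration; classification is by OpenSSL suite name only, so anonymous and PSK suites are not treated specially.

```python
import re

# Constructed sample configs (not taken from the thread).
WEAK_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers AES128-GCM-SHA256:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:!aNULL;
}
"""
BETTER_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256";
}
"""

# An explicit OpenSSL suite name such as AES256-SHA or ECDHE-RSA-AES128-GCM-SHA256.
EXPLICIT = re.compile(r"^[A-Z0-9]+(-[A-Z0-9]+)+$")


def classify(token):
    """Return 'fs', 'no-fs', 'excluded' or 'unknown' for one cipher-string token."""
    if token[0] in "!-":
        return "excluded"          # suite or group removed from the list
    if token.startswith("TLS_"):
        return "fs"                # TLS 1.3 suites always use ephemeral key exchange
    if not EXPLICIT.match(token):
        return "unknown"           # keyword such as HIGH or EECDH+AESGCM: needs expansion
    # Explicit names without an ECDHE-/DHE- prefix use RSA key transport or static (EC)DH.
    return "fs" if token.startswith(("ECDHE-", "DHE-")) else "no-fs"


def audit(conf):
    """Classify every token of every ssl_ciphers directive in an nginx config string."""
    report = {"fs": [], "no-fs": [], "unknown": [], "excluded": []}
    for m in re.finditer(r"^\s*ssl_ciphers\s+([^;]+);", conf, re.MULTILINE):
        value = m.group(1).strip().strip("\"'")
        for token in filter(None, re.split(r"[:, ]+", value)):
            report[classify(token)].append(token)
    return report


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("better", BETTER_CONF)):
        r = audit(conf)
        print(name, "| no forward secrecy:", r["no-fs"], "| unclassified:", r["unknown"])
```

Tokens reported as `unknown` are OpenSSL keywords; expand them with `openssl ciphers -v` on the server to see which suites they actually select.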


#3

Do you mean this?

It looked like key exchange was the bigger issue but maybe not.

Mozilla’s configuration generator can help with generating better configuration for your web server. The main thing you want is the section beginning # modern/intermediate configuration. Tweak to your needs.

I use nginx…

Interestingly (and not apropos of LE) SSLLabs sees the use of HTTP Strict Transport Security (HSTS) but nextcloud always carps about it. Good to get that confirmed.


#4

Then select the nginx radio button :wink:


#5

:astonished::flushed::exploding_head:

That’s far…I never looked at the top of the page: I just saw the old httpd syntax/stanzas.

