Category: tls

As you know my servers are hosted at hetzner.de – use this Link to get a 20€ start credit for your first servers. Now we will install a new virtual server with preparations for SafeLine WAF on Hetzner server. Preparations Select Debian 12 as your system! Follow the steps in the Article How to install...

If you want to install the SafeLine WAF, here are some scripts to speed up your deployment. You must run the script as root as we need to install some packages from the official docker repository. I know – the official SafeLine installer already will install the needed packages. But this script helps in setting...

What is a WAF A Web Application Firewall (WAF) is a security tool that monitors, filters, and blocks HTTP/HTTPS traffic between web applications and the internet. It acts as a protective barrier specifically designed to defend web applications from various cyber attacks. When should I use a WAF – is it something I should use?...

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)?redirectedfrom=MSDN

New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-Item 'HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'...

PowerShell script to enable TLS 1.2 TLS 1.2 enforcement for Azure AD Connect see https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/reference-connect-tls-enforcement

Roundup: Use either TLS 1.2 or 1.3. In either case use PFS (Perfect Forward Secrecy). Mindeststandard des BSI nach § 8 Abs. 1 Satz 1 BSIG zur Verwendung von Transport Layer Security (TLS) Version 2.0Datum 09.04.2019Dieser Mindeststandard beinhaltet Mindestsicherheitsanforderungen zur Verwendung von TLS in der Bundesverwaltung. Er macht Vorgaben für die Sicherstellung von Vertraulichkeit, Authentizität...

https://www.ssllabs.com/ssltest/analyze.html?d=blog.fresel.at&hideResults=on

AppleTherefore, we are deprecating support for TLS 1.0 and 1.1. Complete support will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020.https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/ GoogleTLS 1.0 and 1.1 will be disabled altogether in Chrome 81. This will affect users on early release channels starting January 2020. https://security.googleblog.com/2018/10/modernizing-transport-security.html MicrosoftToday, we’re announcing our...

yum install httpd mod_ssl python-certbot-apache -yfirewall-cmd --add-service=http --permanentfirewall-cmd --add-service=https --permanentsystemctl restart firewalldsystemctl enable httpd/etc/letsencrypt/cli.ini #Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 email = letsencrypt@DOMAIN domains = blog.DOMAIN must-staple = True staple-ocsp = True agree-tos = True debug = TrueEOFcertbot certonly --apache --config /etc/letsencrypt/cli.ini /etc/letsencrypt/options-ssl-apache.conf SSLEngine on SSLHonorCipherOrder     on...

<ifModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file .(html?|txt|css|js|php|pl)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_include mime ^application/font* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </ifModule> <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType...