the itjerk

my adventures with technology

Monthly Archives: May 2017

ssl grade a

Editing my /etc/apache2/mods-available/ssl.conf to use the following SSLCipherSuite changed my grade from SSLabs from B to A!

SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

Check it out:
https://www.ssllabs.com/ssltest/analyze.html?d=strawberrybricks.com

Advertisements

ssl 24/7

While I’ve had ssl on my website for sometime (for anything login related), I had never enabled it by default. First, I had to install the patch the Video Filter module to work with https connections to Youtube. Then, using the developers tools built into Chrome, I found I had a http link to a Facebook logo (I have no idea why it isn’t local). That had to be fixed in the site’s theme. Finally, I found I had the remnants of ShareThis in a block. Although I deleted the module eons ago, I forgot about the block (which is how it appears on a page). Thankfully, those developer tools in Chrome made it plain as day. Now that all that was fixed, I edited the .htaccess file for the site, and entered the following to force https connections. (Remember to restart Apache after you edit .htaccess.)

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mywebsite.com/$1 [R,L]

With a free certificate from Let’s Encrypt, why not enable ssl. Oddly enough, only Chrome, Firefox and Microsoft browsers make it obvious when your connection to a website is secure. What’s up with that Apple?