scottlinux.com SSL cert update | scottlinux.com has always been available over HTTPS, but now has a trusted cert, so your browser should not complain. Here is the SSL Labs report: https://www.ssllabs.com/ssltest/analyze.html?d=scottlinux.com Note for Windows XP users: scottlinux.com is using SNI in Apache, so IE8 on Windows XP will complain of an untrusted SSL certificate. Firefox or Chrome on XP work fine.
Drupal Security Notes | Check out this article on Drupal Security: Drupal Security Notes. If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
How to Check Mail Server for SMTP Over TLS | Q. How can I check a server for SMTP over TLS? It is possible to have an SMTP connection use TLS from the sending server to the receiving server to add a pinch of security. Many banks and other security-minded corporations require this to send and receive email. To check the TLS capability of an
cURL Ignore SSL Certificate Warnings | To ignore any SSL certificate warnings with curl, use the -k (--insecure) option. Here is an example:
$ curl -k https://scottlinux.com
$ curl -I -k https://scottlinux.com
HTTP/1.1 200 OK
Date: Tue, 14 Feb 2012 20:00:03 GMT
Server: Apache
Strict-Transport-Security: max-age=43200; includeSubDomains
X-Frame-Options: SAMEORIGIN
Set-Cookie: bb2_screener_=1329249603+66.202.152.198; path=/
X-Pingback: http://scottlinux.com/xmlrpc.php
Set-Cookie: PHPSESSID=lq5dpvfagbdstib7nlg2b8a0m7; path=/
X-Hello: Hello There
Vary:
Disable SSLv2 in Cyrus IMAP server | Cyrus often ships by default with SSLv2 enabled, which can be considered a security vulnerability. Here’s how to disable SSLv2 in your Cyrus IMAP server!
1. Edit the file /etc/imapd.conf:
sudo nano /etc/imapd.conf
Find the following line, and remove the SSLv2 indication where it may be found:
Before: tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
After: (below is the Debian
Create self-signed SSL certificate for Virtual Host | In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works!
1. First, install the package ssl-cert:
$ sudo apt-get install ssl-cert
Since GoDaddy and the like are making 2048-bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 bit 2048
Enable HTTP Strict Transport Security on Debian / Ubuntu | HSTS or just STS can be enabled with Apache fairly easily. I’ll show you how! Enabling HSTS enforces a policy that all content from your server to the end user’s web browser will be over HTTPS. This can protect against interception, HTTPS stripping, and other possible man-in-the-middle attacks.
First, enable mod_headers:
$ sudo a2enmod headers


