|
From: | bo0od |
Subject: | bug#47823: Website is fine |
Date: | Wed, 31 May 2023 16:37:00 +0000 |
1- hmm? why A rate should be ok? A+ is the target that you should aim for.Nevertheless, remove weak/stupid TLS ciphers in TLS 1.2 (e.g check grapheneos.org in ssllab/hardenizer to see which ciphers are the secure/recommended one to keep)
2- "While I prefer DNSSEC on my domains, I see nothing wrong with guix.gnu.org" Sorta contradictory, still (arguably) essential to have. *-*-*-*Extra fruit: in Whonix/Kicksecure and Danwin websites (i know) they changed the certificate signature from SHA256withRSA (RSA 2048 bits) to SHA384withECDSA (EC 384 bits) which is faster and more secure.
e.g: https://www.hardenize.com/report/whonix.org/1685550053#www_certsThis is just easy request to be made from letsencrypt and they will issue new one for you.
Thank You! Felix Lechner:
On Sun, May 21, 2023 at 7:21 PM Felix Lechner <felix.lechner@lease-up.com> wrote:For details, please consult the attached PDF document.Whoops, here is the missing attachment.
[Prev in Thread] | Current Thread | [Next in Thread] |