2 Securing the Website
Theodotos Andreou edited this page 2018-01-14 15:25:06 +02:00

In this guide we take additional steps to secure the website and reach PCI compliance.

Prerequisites

Report

These issues have been found:

Diffie-Hellman parameter's size is only 1024 bits

The Diffie-Hellman parameter's size is only 1024 bits. A longer one must be generated to prevent Logjam vulnerability

Solution:

Genarate a 2048 bit Diffie-Hellman pair:

$ sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048

Add this line in /etc/nginx/sites-available/cms:

    ssl_dhparam /etc/nginx/dhparams.pem;

Restart Nginx:

$ sudo nginx -t && sudo systemctl restart nginx

Download the report in PDF form. You should score an A+ for PCI DSS after this.

References