From be82f065eca7edb0282038c0b58fdc59a96f68cd Mon Sep 17 00:00:00 2001 From: Theodotos Andreou Date: Sun, 14 Jan 2018 15:24:35 +0200 Subject: [PATCH] Created Securing the Website (markdown) --- Securing-the-Website.md | 42 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 Securing-the-Website.md diff --git a/Securing-the-Website.md b/Securing-the-Website.md new file mode 100644 index 0000000..ef56a47 --- /dev/null +++ b/Securing-the-Website.md @@ -0,0 +1,42 @@ +In this guide we take additional steps to secure the website. + +## Prerequisites + +* Using the High Tech Bridge SSL/TLS Security Test: + https://www.htbridge.com/ssl/ + +## Report + +These issues have been found: + +### Diffie-Hellman parameter's size is only 1024 bits + +> The Diffie-Hellman parameter's size is only 1024 bits. A longer one must be generated to prevent Logjam vulnerability + +Solution: + +Genarate a 2048 bit Diffie-Hellman pair: + +``` +$ sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048 +``` + +Add this line in */etc/nginx/sites-available/cms*: + +``` + ssl_dhparam /etc/nginx/dhparams.pem; +``` + +Restart *Nginx*: + +``` +$ sudo nginx -t && sudo systemctl restart nginx +``` + +Download the report in PDF form. You should score an A+ for PCI DSS after this. + +References +---------- +* https://weakdh.org/ +* https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx +* https://letsencrypt.org/certificates/ \ No newline at end of file
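Review bot: In the "Solution" part of the new Securing-the-Website.md, "Genarate a 2048 bit Diffie-Hellman pair" has a typo and misnames the artifact: `openssl dhparam` writes Diffie-Hellman group parameters (a prime and a generator), not a key pair, so the line should read "Generate a 2048-bit Diffie-Hellman parameter file". The `ssl_dhparam /etc/nginx/dhparams.pem;` snippet should also say which block it belongs in (the `server` block of *cms* that carries the `ssl_certificate` directives for this site) so readers do not drop it at the top of the file, and since the parameters are only used by DHE cipher suites it is worth a sentence that the change has no effect if the configured cipher list excludes them. `sudo nginx -t && sudo systemctl restart nginx` could be `reload` rather than `restart` to avoid dropping in-flight connections. Finally, the References list cites OCSP stapling and Let's Encrypt certificate pages that nothing in the guide uses; either drop them or add the steps they support.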