Created Securing the Website (markdown)

Theodotos Andreou 2018-01-14 15:24:35 +02:00
parent 9114489d46
commit be82f065ec

42
Securing-the-Website.md Normal file

@ -0,0 +1,42 @@
In this guide we take additional steps to secure the website.
## Prerequisites
* Using the High Tech Bridge SSL/TLS Security Test:
https://www.htbridge.com/ssl/
## Report
These issues have been found:
### Diffie-Hellman parameter's size is only 1024 bits
> The Diffie-Hellman parameter's size is only 1024 bits. A longer one must be generated to prevent Logjam vulnerability
Solution:
Genarate a 2048 bit Diffie-Hellman pair:
```
$ sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048
```
Add this line in */etc/nginx/sites-available/cms*:
```
ssl_dhparam /etc/nginx/dhparams.pem;
```
Restart *Nginx*:
```
$ sudo nginx -t && sudo systemctl restart nginx
```
Download the report in PDF form. You should score an A+ for PCI DSS after this.
References
----------
* https://weakdh.org/
* https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
* https://letsencrypt.org/certificates/
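
Review bot: The Solution step "Genarate a 2048 bit Diffie-Hellman pair" is misspelled and misnames what the command produces. `openssl dhparam -out /etc/nginx/dhparams.pem 2048` writes Diffie-Hellman parameters, not a key pair, so "Generate 2048-bit Diffie-Hellman parameters" would be accurate. The next step, "Add this line in */etc/nginx/sites-available/cms*", should say that `ssl_dhparam` goes inside the `server` block that terminates TLS, since a reader following the guide has no other hint about placement. The guide would also be easier to verify if it stated that the fix is confirmed by re-running the SSL/TLS test and checking that the 1024-bit finding is gone, rather than only mentioning the PDF download. Under References, the heading uses the underlined style while every other heading uses `##`, and the OCSP stapling and Let's Encrypt links are not tied to any step in the visible text; either add the sections that rely on them or drop the links.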