Created Securing the Website (markdown)

2018-01-14 15:24:35 +02:00 · 2018-01-14 15:24:35 +02:00 · be82f065ec
parent 9114489d46
commit be82f065ec
1 changed files with 42 additions and 0 deletions
--- a/Securing-the-Website.md
+++ b/Securing-the-Website.md
@ -0,0 +1,42 @@
+In this guide we take additional steps to secure the website.
+
+## Prerequisites
+
+* Using the High Tech Bridge SSL/TLS Security Test:
+    https://www.htbridge.com/ssl/
+
+## Report
+
+These issues have been found:
+
+### Diffie-Hellman parameter's size is only 1024 bits
+
+> The Diffie-Hellman parameter's size is only 1024 bits. A longer one must be generated to prevent Logjam vulnerability
+
+Solution:
+
+Genarate a 2048 bit Diffie-Hellman pair:
+
+```
+$ sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048
+```
+
+Add this line in */etc/nginx/sites-available/cms*:
+
+```
+    ssl_dhparam /etc/nginx/dhparams.pem;
+```
+
+Restart *Nginx*:
+
+```
+$ sudo nginx -t && sudo systemctl restart nginx
+```
+
+Download the report in PDF form. You should score an A+ for PCI DSS after this.
+
+References
+----------
+* https://weakdh.org/
+* https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+* https://letsencrypt.org/certificates/