Hey, all.

I was just having a look at a few institutional DSpace instances, and
noticing that they are using sub-par cryptography.  Unless you have a
specific need to use SHA1, AES-CBC, RC4, MD5, or non-DHE RSA, you should
REALLY be using the TLS cipher suite from this Mozilla guide:

https://wiki.mozilla.org/Security/Server_Side_TLS

They have copy/paste-able strings for Apache httpd and Nginx web servers.

Obviously test in a development server first... but really, this is a
trivial change.  You went to the trouble of buying TLS certs and setting
up HTTPS, so you might as well do it right!

-- 
Alan Orth
alan.o...@gmail.com
http://alaninkenya.org
http://mjanja.co.ke
"I have always wished for my computer to be as easy to use as my
telephone; my wish has come true because I can no longer figure out how
to use my telephone." -Bjarne Stroustrup, inventor of C++
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0

_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
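
The check suggested in the message above, as an added example (not part of the original post and not code from the Mozilla guide): a small Python audit that flags OpenSSL-style cipher suite names using the primitives the message lists. The function names and the sample cipher list are constructed for illustration, and the classification is a heuristic based on OpenSSL naming conventions.

```python
# Constructed sample: OpenSSL-style suite names such as an Apache SSLCipherSuite
# or Nginx ssl_ciphers setting might expand to (not taken from any real server).
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:"
          "DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:AES128-SHA:"
          "AES256-GCM-SHA384:RC4-MD5:DES-CBC3-SHA:TLS_AES_128_GCM_SHA256")

FORWARD_SECRET_KX = ("ECDHE-", "DHE-")      # ephemeral key exchange prefixes
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")   # anything else is CBC, RC4 or NULL

def findings(suite):
    """Return the weak primitives (as named in the message) a suite uses."""
    if suite.startswith("TLS_"):   # TLS 1.3 names: AEAD and ephemeral keys only
        return []
    parts = suite.split("-")
    issues = []
    if not suite.startswith(FORWARD_SECRET_KX):
        issues.append("non-DHE key exchange")
    if "RC4" in parts:
        issues.append("RC4")
    elif "NULL" in parts:
        issues.append("NULL encryption")
    elif not any(marker in suite for marker in AEAD_MARKERS):
        issues.append("CBC mode")
    # In non-AEAD suites the last field is the HMAC hash; a bare "SHA" is SHA1.
    if parts[-1] == "MD5":
        issues.append("MD5")
    elif parts[-1] == "SHA":
        issues.append("SHA1")
    return issues

def audit(cipher_string):
    """Map each flagged suite in a colon-separated list to its findings."""
    report = {}
    for suite in filter(None, (s.strip() for s in cipher_string.split(":"))):
        issues = findings(suite)
        if issues:
            report[suite] = issues
    return report

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE).items():
        print(f"{suite:28} {', '.join(issues)}")
```

The input must be a list of concrete suite names; a configured string that uses keywords or exclusions should first be expanded with `openssl ciphers`.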
