Re: [Dspace-tech] Recommended TLS cipher suite for sites using HTTPS

Sat, 13 Sep 2014 11:44:23 -0700 

Hi Alan

Any advice here:
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections,
would be appreciated.

Cheers

hg


*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025C
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758

On 13 September 2014 19:59, Alan Orth <[email protected]> wrote:

> Hey, all.
>
> I was just having a look at a few institutional DSpace instances, and
> noticing that they are using sub-par cryptography.  Unless you have a
> specific need to use SHA1, AES-CBC, RC4, MD5, or non-DHE RSA, you should
> REALLY be using the TLS cipher suite from this Mozilla guide:
>
> https://wiki.mozilla.org/Security/Server_Side_TLS
>
> They have copy/paste-able strings for Apache httpd and Nginx web servers.
>
> Obviously test in a development server first... but really, this is a
> trivial change.  You went to the trouble of buying TLS certs and setting
> up HTTPS, so you might as well do it right!
>
> --
> Alan Orth
> [email protected]
> http://alaninkenya.org
> http://mjanja.co.ke
> "I have always wished for my computer to be as easy to use as my
> telephone; my wish has come true because I can no longer figure out how
> to use my telephone." -Bjarne Stroustrup, inventor of C++
> GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
>
>
>
> ------------------------------------------------------------------------------
> Want excitement?
> Manually upgrade your production database.
> When you want reliability, choose Perforce
> Perforce version control. Predictably reliable.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Reply via email to