One more update: There is now an additional feature in NaviServer to allow a site admin to add extra reply header fields with little effort. The nssock and nsssl drivers accept a new parameter extraheaders, which contains an attribute/value list of extra reply header fields. By using e.g.

    ns_section ns/server/${servername}/module/nsssl
    ...
    ns_param extraheaders { Strict-Transport-Security "max-age=31536000; includeSubDomains"}
    ...

one can activate HTTP Strict Transport Security (HSTS) for https connections. With this activated, one can obtain an "A+" rating with NaviServer + ssl from Qualys SSL Labs.
all the best
-gustaf neumann
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
http://dev.chromium.org/sts
https://tools.ietf.org/html/rfc6797
On 10.04.14 11:53, Gustaf Neumann wrote:
Dear Friends,
the bitbucket repository contains a new version of the nsssl module of NaviServer that makes it easier to obtain from Qualys SSL Labs an "A" rating with actual versions of openssl by supporting more ciphers.
All the best
-gustaf neumann
New in Version 0.5:
- Support for Elliptic Curve Cryptography (such as Elliptic Curve Diffie-Hellman (ECDH))
- Provide compiled-in defaults for DH parameters
- Handling several SSL and TLS bugs.
- Deactivated SSLv2
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
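
A check for the HSTS header that the extraheaders setting above produces, as an added example that is not part of the original message or of NaviServer: it parses the field value following RFC 6797 section 6.1 and reports policy gaps. The sample reply is constructed, and the names parse_hsts and audit_reply and the one-year minimum are assumptions of this example.

```python
import re

# Constructed sample: reply headers as a client might see them from a server
# using the extraheaders value quoted in the message (not captured output).
SAMPLE_REPLY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

# Splits on ';' but keeps quoted-strings (which may contain ';') intact.
DIRECTIVE = re.compile(r'(?:[^;"]|"(?:[^"\\]|\\.)*")+')

def parse_hsts(value):
    """Parse an STS field value (RFC 6797, section 6.1); ValueError if unusable."""
    seen = {}
    for part in DIRECTIVE.findall(value):
        name, sep, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not name:
            continue
        if name in seen:  # each directive may appear only once
            raise ValueError("duplicate directive: " + name)
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age="31536000" is legal
        seen[name] = val if sep else None
    if not re.fullmatch(r"[0-9]+", seen.get("max-age") or ""):
        raise ValueError("max-age is required and must be an integer")
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def audit_reply(raw_headers, min_max_age=31536000):
    """Return a list of findings for one HTTPS reply; an empty list means OK."""
    lines = raw_headers.split("\r\n")[1:]  # skip the status line
    values = [l.split(":", 1)[1] for l in lines
              if l.lower().startswith("strict-transport-security:")]
    if not values:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(values[0])  # a client processes only the first one
    except ValueError as err:
        return ["invalid header: %s" % err]
    findings = []
    if len(values) > 1:
        findings.append("header sent more than once")
    if policy["max_age"] < min_max_age:  # assumed minimum: one year
        findings.append("max-age %d below %d" % (policy["max_age"], min_max_age))
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings
```
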