Gustaf,
Amazing Work! I build nsssl 0.6 and I add extraheaders and it seems to
work fine.
But I had some "chain issues" yet (I only get an A rating, not A+).
Do I have to add, I mean "echo whatever >> certificate.pem", to
certificate.pem?
El 12/abril/14 14:54, Gustaf Neumann escribió:
> One more update: There is now an additional feature in NaviServer to
> allow a site admin to
> add extra reply header fields with little effort. The nssock and nsssl
> driver accept new a parameter
> extraheaders which contains an attribute/value list of extra reply
> header fields. By using e.g.
>
> ns_section ns/server/${servername}/module/nsssl
> ...
> ns_param extraheaders { Strict-Transport-Security
> "max-age=31536000; includeSubDomains"}
> ...
>
> one can activate HTTP Strict Transport Security (HSTS) for https
> connections. With this activated,
> one can obtain an "A+" rating with NaviServer + ssl from Qualys SSL Labs.
>
> all the best
> -gustaf neumann
>
> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> http://dev.chromium.org/sts
> https://tools.ietf.org/html/rfc6797
>
> Am 10.04.14 11:53, schrieb Gustaf Neumann:
>> Dear Friends,
>>
>> the bitbucket repository contains a new version of the nsssl module of
>> NaviServer that
>> makes it easier to obtain from Qualys SSL Labs an "A" rating with
>> actual versions
>> of openssl by supporting more ciphers.
>>
>> All the best
>> -gustaf neumann
>>
>> New in Version 0.5:
>> - Support for Elliptic Curve Cryptography
>> (such as Elliptic Curve Diffie-Hellman (ECDH))
>> - Provide compiled-in defaults for DH parameters
>> - Handling several SSL and TLS bugs.
>> - Deactivated SSLv2
>>
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
>
>
>
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
>
------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
