summaryrefslogtreecommitdiffstats
path: root/roles/common-web/files/etc
Commit message (Collapse)AuthorAgeFiles
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
| | | | | | | | | | Ideally we we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older client won't be left out.
* nginx: update ssl_ciphers to follow Mozilla's TLS server recommendation.Guilhem Moulin2016-04-021
| | | | https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1k&hsts=yes&profile=intermediate
* Set HTTP security headers.Guilhem Moulin2016-03-302
| | | | See https://securityheaders.io .
* Replace LE's X1 intermediate CA with X3 since the latter has better support ↵Guilhem Moulin2016-03-281
| | | | for XP.
* Fix Let's Encrypt CAfile.Guilhem Moulin2015-12-281
|
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-202
|
* nginx: Move include.d/* to snippets/.Guilhem Moulin2015-12-205
|
* nginx: s/conf.d/include.d/Guilhem Moulin2015-12-151
|
* ngnix: mv ssl/config conf.d/sslGuilhem Moulin2015-12-091
|
* logjam mitigation.Guilhem Moulin2015-06-071
|
* Fix tab damage.Guilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-071
|
* Follow Qualys's SSL labs recommendation for HTTPS.Guilhem Moulin2015-06-071
| | | | | (Disable SSLv3 and extend STS' max age to 180 days.) See https://www.ssllabs.com/ssltest/ .
* Common web configuration.Guilhem Moulin2015-06-074