Posts

Showing posts from July, 2020

Getting an A+ Score on Qualys' SSL Server Test

On a lark, to get some experience with configuring HTTPS servers, I decided to host the Flightware frontends on my RaspberryPi on an HTTPS endpoint instead of the default HTTP. The broad steps to do this were:

- Getting a certificate for my site via LetsEncrypt's certbot
- Enabling the HTTPS endpoint on Lighttpd
- Testing the security of the setup via the Qualys SSL Server Test

It took some trial and error to get an A+ rating for my server's SSL setup. The two key steps involved in improving the security of the setup were:

- Starting with a strong SSL configuration generated by Mozilla's SSL Configuration Generator. This means no SSL v2, SSL v3 or anything below TLS v1.2, and setting up HSTS
- Configuring DNS CAA records for the domain.

Here's how my CAA record is configured on Google Domains:

    ➜ dig caa element77.com +short
    0 issue "letsencrypt.org"
    0 issue "pki.goog"
    0 iodef "mailto:caa@element77.com"
    0 issue "amazon.com"

I haven't
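To show what the CAA record set above tells a certificate authority, here is an added Python example (not code from the post) that parses `dig caa <domain> +short` output and applies the RFC 8659 rules for whether a given CA may issue. It evaluates a single record set only and does not perform the DNS lookup or the climb to parent domains; `digicert.com` is used purely as a constructed example of a CA absent from the list.

```python
import re

# One line of `dig caa <domain> +short`: <flags> <tag> "<value>"
CAA_LINE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"(.*)"$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# The record set shown in the post, one record per line.
SAMPLE = '''0 issue "letsencrypt.org"
0 issue "pki.goog"
0 iodef "mailto:caa@element77.com"
0 issue "amazon.com"'''


def parse_caa(text):
    """Return a list of (flags, tag, value) tuples from dig +short output."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CAA_LINE.match(line)
        if not m:
            raise ValueError(f"not a CAA record: {line!r}")
        records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records


def may_issue(records, ca_domain, wildcard=False):
    """Evaluate one CAA record set for a CA, following RFC 8659 rules."""
    # An unrecognised property with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, tag, v in records if tag == "issue"]
    issuewild = [v for _, tag, v in records if tag == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # only iodef or nothing restricting: CAA does not restrict
    # The issuer domain is the part before any ';' parameters; empty means nobody.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in allowed


if __name__ == "__main__":
    recs = parse_caa(SAMPLE)
    for ca in ("letsencrypt.org", "digicert.com"):  # second name is constructed
        print(ca, "allowed" if may_issue(recs, ca) else "denied")
```

The `iodef` record does not restrict issuance; it only tells CAs where to report requests that violate the policy.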