{"id":20280,"date":"2015-08-15T16:44:00","date_gmt":"2015-08-15T09:44:00","guid":{"rendered":"https:\/\/kitty.in.th\/?p=20280"},"modified":"2016-12-05T16:31:18","modified_gmt":"2016-12-05T09:31:18","slug":"getting-a-from-qualys-ssl","status":"publish","type":"post","link":"https:\/\/kitty.in.th\/index.php\/2015\/08\/15\/getting-a-from-qualys-ssl\/","title":{"rendered":"Getting &#8220;A&#8221; from Qualys SSL"},"content":{"rendered":"<p>Qualys SSL Labs has provided an SSL Server Test for a while. You can rate your web site at https:\/\/www.ssllabs.com\/ssltest<\/p>\n<p>To get an &#8220;A&#8221; rating, there are a few straightforward tricks:<\/p>\n<ol>\n<li>Disable all versions of the SSL protocol and enable only TLS, e.g.,\n<pre>ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<\/pre>\n<\/li>\n<li>Choose only strong ciphers (you&#8217;ll sacrifice some very old clients), e.g.,\n<pre>ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;<\/pre>\n<\/li>\n<li>Use HSTS, e.g.,\n<pre>add_header Strict-Transport-Security max-age=31536000;<\/pre>\n<\/li>\n<\/ol>\n<p>Optionally,<\/p>\n<pre>\r\nssl_dhparam \/etc\/ssl\/private\/dhparam.pem;\r\nssl_stapling on;\r\nssl_stapling_verify on;\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Qualys SSL Labs has provided an SSL Server Test for a while. You can rate your web site at https:\/\/www.ssllabs.com\/ssltest To get an &#8220;A&#8221; rating, there are a few straightforward tricks: Disable all versions of the SSL protocol and enable only TLS, e.g., ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Choose only strong ciphers (you&#8217;ll sacrifice some very old clients), e.g., 
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; Use &hellip; <a href=\"https:\/\/kitty.in.th\/index.php\/2015\/08\/15\/getting-a-from-qualys-ssl\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Getting &#8220;A&#8221; from Qualys SSL<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85,86],"tags":[126,5,100],"class_list":["post-20280","post","type-post","status-publish","format-standard","hentry","category-blog","category-lab","tag-admin","tag-linux","tag-security"],"_links":{"self":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts\/20280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/comments?post=20280"}],"version-history":[{"count":4,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts\/20280\/revisions"}],"predecessor-version":[{"id":20285,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts\/20280\/revisions\/20285"}],"wp:attachment":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/media?parent=20280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/categories?post=20280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/tags?post=20280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}