Hi

Agree on the blindly following. But its good to know how to get there
I also try this
https://cryptoreport.websecurity.symantec.com/checker/

question

tls/ssl compression is it worth it ? I have gzip setup, but I am guess
tls/ssl compression is over the top.

and know I have to read up about hsts and weather we need it or not :)



So at current $job we still need tls1.0 because our clients need it...


On 5 November 2016 at 08:28, Robert Paprocki
<rpaprocki@fearnothingproductions.net> wrote:
> https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html is a pretty
> decent write-up.
>
> IME, you need to present an HSTS header, otherwise an A+ is never awarded
> even with the strictest cipher suite and largest keys and DH primes.
>
> To be frank though, achieving an A+ is not a very very worthwhile goal; yes,
> setting up strong crypto is _very_ important, but what's more important is
> understanding what you're configuring and why, not just reading a guidebook.
>
> May I also offer another tool for checking TLS configs:
> https://github.com/rbsec/sslscan, if only to have another source for
> verifying TLS configs (IMO, relying exclusively on one single opinion, e.g.
> Qualsys, as THE authoritative source of truth for a 'proper' secure config
> is dangerous).
>
> On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <alex@samad.com.au> wrote:
>>
>> Hi
>>
>> Any one got a write up on how to get a A+ from this site.
>>
>> I can get a A and I have to support tls1.0 which might be dragging me down
>> !
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx