It is easy to get an A+ on your website. But it is a little harder to get all four parts, Certificate, Protocol Support, Key Exchange, and Cipher Strength, to 100%.
Most of the time, I got an A+ rating for my site. For individual scores, the last two are 90%.
Let me break it down.
It is pretty easy to get 100% here.
- Make sure your certificate, intermediate certificate and CA are in the correct order.
- Don’t use SHA1 for the signature algorithm. Use SHA256 instead. Actually, all the main CAs are using SHA256 now.
- Use a trusted CA. Do not use WoSign or StartCom.
- SSL 2.0 0%
- SSL 3.0 80%
- TLS 1.0 90%
- TLS 1.1 95%
- TLS 1.2 100%
So it is best to just use TLS 1.2.
Generate strong DHE (Ephemeral Diffie-Hellman) parameters.
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
That is not enough. Add the following to the Nginx settings.
- 0 bits (no encryption) 0%
- < 128 bits (e.g., 40, 56) 20%
- < 256 bits (e.g., 128, 168) 80%
- >= 256 bits (e.g., 256) 100%
So I just use 256-bit cipher suites.
Here is a test site. I tried it today, 2018-08-11. It is A+ with four 100% scores.
Here is the most important part of the Nginx config file. I put it all together.
# modern configuration. tweak to your needs.
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
## verify chain of trust of OCSP response using Root CA and Intermediate certs
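The settings described in this post, gathered into one server block. This is an added example, not the author's original configuration; the server name, file paths, resolver address, ECDH curve and cipher list are assumptions.

```nginx
# Added example, not the author's file. server_name, file paths, resolver,
# curve and cipher list are assumptions; adjust them to your host.
server {
    listen 443 ssl;
    server_name www.example.com;

    # Certificate: leaf certificate first, then the intermediate(s).
    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    # Protocol Support: TLS 1.2 only. The older versions score lower in the
    # list above, and clients limited to them will not be able to connect.
    ssl_protocols TLSv1.2;

    # Key Exchange: the 4096-bit parameters generated with openssl dhparam.
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    # Curve for the ECDHE suites (assumption, not stated on the page).
    ssl_ecdh_curve secp384r1;

    # Cipher Strength: only suites with 256-bit keys (constructed list).
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # HSTS (15768000 seconds = 6 months), as in the post.
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP stapling: fetch and cache OCSP records, then verify the response
    # against the root CA and intermediate certificates.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
    # Needed to resolve the OCSP responder host name (placeholder address).
    resolver 127.0.0.1;
}
```

Check the file with `nginx -t` before reloading Nginx.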
After I upgraded my server from PHP 5.2 to PHP 5.3.3, I needed XCache to accelerate my phpBB.
I did an installation from source. Then when I ran the command to check the PHP version, it showed.
Continue reading “Install XCache 2.0.0 on CentOS 5.8 with PHP 5.3.3”
For testing purposes, I needed CentOS 6.3. So I downloaded the CentOS DVD image and installed it in VirtualBox as a web server.
Note: The guest system's network uses bridged mode, which allows the guest to access the Internet and also allows computers on the LAN to access the guest system.
The installation was simple, with no problems. I would like to share the experience I had later.
1) Prepare the network
Only lo, the loopback interface, is active. I cannot access the Internet from CentOS.
eth0 does not show up when I run the ifconfig command.
Continue reading “Prepare CentOS 6.3 within VirtualBox”
I have two monitors. Both are Acer. One is an x223w, the other is an AL1716.
Now I have connected both of them to my computer. I have dual monitors working together side by side.
The left side is the main monitor, or monitor 1, through the DVI port. The right monitor is monitor 2, or the extended screen, through the 15-pin RGB port.
The colors look almost the same.
I work most of the time on the left side, with video playback, reference docs, etc. on the right side.
Continue reading “Setup dual monitor for desktop”
So many hackers, or whatever you call them, want to log in to the FTP server on my VPS.
One of the simplest defenses is to deny all IP addresses except specific ones.
The FTP server running on the VPS is ProFTPD.
To apply the restriction, just edit /etc/proftpd.conf.
Add the following at the end.
<Limit LOGIN>
Allow from 96.49., 64.180., 24.81.
Deny from all
</Limit>
Continue reading “Protect Proftpd server by restricting IP address allowed”
I moved one site to a new server with Windows 2003.
It is a MySQL database. I use a PHP script to connect to the database file and query it.
I ran the same script for more than 5 years on the old server. After I moved it to the new one, it gave me the error in the subject.
I did a lot of Googling and found the answer at this blog (the link is not working any more). Since it is not available now, I have quoted the most important part from the Google cached page.
This is an sql-mode issue, the mode defines what SQL syntax should be supported and what kind of data validation should be performed. In my problem MySQL is trying to assign an empty string to an auto-increment INT field and, as we should all know, strings into INTs don’t go. Cue errors and the script dies.
Longer term I am going to have to re-work my code to fix this issue, but in the short term, I am going to reduce the sensitivity of the control. To lower the level of data validation we can set the sql-mode to a lower level or comment it out altogether.
Solution is below:
Edit the my.cnf (my.ini in Windows) file and find and comment out the line:
Continue reading “Solved MySQL 5 – Incorrect integer value: '' for column 'id' at row 1”
It is a great product. I ordered the OBi110 from Amazon.
The greatest part is:
The OBi110 can work with Google Voice.
The product is provided by Obihai.
To set it up to work with Google Voice, go to OBiTALK.
After setup, I can use this phone to call US or Canada phone numbers for free.
Continue reading “OBi110 Voice Service Bridge and VoIP Telephone Adapter”
There was big news yesterday.
WiFi WPS security vulnerability found, major router makers affected
Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network, but has been shown to easily fall to brute-force attacks. (via wiki)
The affected router makers include:
D-Link Systems, Inc.
So, disable your WiFi WPS first.
How to disable WPS on a Belkin router
1. Open a web browser on the computer.
2. In the address bar of the web browser, type http://192.168.2.1
3. Click Login in the upper right-hand corner of the page. The router does not ship with a password, so just click Submit.
4. Click on Wi-Fi Protected Setup or WPS (depending on which router you own) under Wireless in the menu on the left.
5. Click on the drop-down menu at the top of the page and select Disabled.
6. Click the “Apply Changes” button.
Continue reading “Disable your WiFi WPS, security vulnerability found”
I have a batch file that runs a command, and I want it to close automatically.
But it always prompts for confirmation.
Actually, I just want it to run on a schedule and close itself after finishing.
So I used Google BB (Big Buddha) to search for it.
The final, and only, answer is below.
Continue reading “How to close Firefox windows without prompt”
Just bought an iPod Touch 32G edition. It has the Safari browser. I use it to browse one of my blogs powered by WordPress. The text and images are so small. I know I can enlarge them with two fingers, but it still has a width problem.
I thought there must be some plugin that can make a blog mobile.
I did a Google search and found this one: WordPress Mobile Pack
I installed it in the backend of WordPress.
Just a few clicks to configure it, and it works.
I went to my blog. WordPress detected my browser and knew it was a handheld device. So it gave me the mobile version of the blog.
It is perfect. I don’t need to set up a separate domain for mobile devices, the way some sites use m.example.com while the regular site domain is www.example.com.
The configuration steps are below.
Continue reading “WordPress Mobile Pack is great”