I bought the Cruzer Dial USB Flash Drive 32GB Pack at Costco last week. It was on sale at a reduced price.
The USB Flash Drive has the following features:
- USB 2.0
- 2-Year limited warranty
- Password Protection and file privacy with included SanDisk SecureAccess Software
The USB connector, which is black, is not metal but plastic.
When I plug the drive into my computer, it shows the following files and folder.
The PDF file, "Back Up Your Files to the Cloud", is there to promote a third-party cloud service.
I had not heard of it before, and I don't want to try it, because I use Dropbox to back up and sync my important files.
Continue reading “Cruzer Dial USB Flash Drive 32GB Pack”
It is easy to get an A+ for your website on the SSL Labs Server Test. It is a little harder to get all four parts, Certificate, Protocol Support, Key Exchange, and Cipher Strength, to 100%.
Most of the time I get an A+ rating for my site, but in the individual scores the last two are 90%.
Let me break it down.
Certificate: it is pretty easy to get 100% here.
- Make sure your certificate and intermediate certificate and CA are in the correct order.
- Don't use SHA1 as the signature algorithm. Use SHA256 instead; all the major CAs use SHA256 now.
- Use a trusted CA. Do not use WoSign or StartCom.
Protocol Support: each enabled protocol is scored as follows.
- SSL 2.0: 0%
- SSL 3.0: 80%
- TLS 1.0: 90%
- TLS 1.1: 95%
- TLS 1.2: 100%
So it is best to enable only TLS 1.2.
Key Exchange: generate strong DHE (Ephemeral Diffie-Hellman) parameters.
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
That alone is not enough; the Nginx settings must also be updated to use the generated file.
Cipher Strength: the weakest and strongest enabled cipher suites are scored as follows.
- 0 bits (no encryption): 0%
- < 128 bits (e.g., 40, 56): 20%
- < 256 bits (e.g., 128, 168): 80%
- >= 256 bits (e.g., 256): 100%
So I use only 256-bit cipher suites.
Here is a test site I tried today, 2018-08-11. It got an A+ with four 100% scores.
Here is the most important part of the Nginx config file. I have put it all together.
# modern configuration. tweak to your needs.
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
## verify chain of trust of OCSP response using Root CA and Intermediate certs
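As an added example (this is not the author's configuration; the file paths, the server name, the resolver address and the exact cipher list are my assumptions), here is a complete Nginx server block that puts the settings from the four scoring parts together: a certificate file with the server certificate followed by the intermediate, TLS 1.2 only, 4096-bit DH parameters plus a 384-bit ECDHE curve for Key Exchange, 256-bit AEAD suites only for Cipher Strength, OCSP stapling, and the HSTS header. The header uses a one-year max-age with includeSubDomains and preload, because those are the conditions the HSTS preload list requires, which is why its value is larger than the six-month value in the snippet above. The curve and key-size choices are my assumptions about what the Key Exchange score needs; the page itself only states the DH parameter size.

```nginx
# Added example: a full Nginx server block for the "four 100%" SSL Labs settings.
# File paths, server name, resolver address and cipher list are assumptions,
# not taken from the original post.
server {
    listen 443 ssl http2;
    server_name example.com;

    # Certificate: the file must contain the server certificate first, then the
    # intermediate certificate(s); the root is not needed. The key is assumed to
    # be 4096-bit RSA, signed with SHA256 by a trusted CA.
    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    # Protocol Support: TLS 1.2 only (SSL 3.0, TLS 1.0 and 1.1 all lower the score).
    ssl_protocols TLSv1.2;

    # Key Exchange: 4096-bit DH parameters generated with
    # "openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096", plus a 384-bit
    # ECDHE curve (assumption: a 256-bit curve is rated below 100% by SSL Labs).
    ssl_dhparam    /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp384r1;

    # Cipher Strength: only 256-bit AEAD suites with forward secrecy
    # (ChaCha20-Poly1305 suites need OpenSSL 1.1.0 or newer).
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384';

    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_tickets off;

    # OCSP Stapling: fetch OCSP responses for the certificate and cache them;
    # verify them against the root and intermediate certificates in this file.
    ssl_stapling        on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
    resolver 127.0.0.1 valid=300s;   # assumption: a local caching resolver
    resolver_timeout 5s;

    # HSTS (ngx_http_headers_module): one year, subdomains included, and the
    # preload token, which the preload list requires. "always" sends the header
    # on error responses too.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    root /var/www/example.com;
}

# Plain HTTP only redirects to HTTPS. Browsers ignore HSTS received over HTTP,
# so the header is sent only from the HTTPS server block above.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
```

Before enabling the preload token, check that every subdomain can serve HTTPS, because once the domain is in the preload list browsers will refuse plain HTTP to all of them, and removal from the list takes a long time.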
Now my blog, David Yin Blog, is https encrypted. It is also HSTS enabled, and most recently, HSTS preload enabled.
This has three layers of meaning.
- https support.
- HSTS enabled.
- HSTS preload enabled.
Let me explain them one by one.
First, add https support. I did this step in Feb. 2016, when I announced that SSL was added. I recorded how I got the SSL certificate and installed it on the Nginx web server.
After that, all content sent back and forth between my blog and a reader is encrypted. Even the ISP cannot read the content from the data traffic.
Second, I added HSTS to the Nginx configuration to make it more secure.
What is HSTS?
HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with them using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.
Continue reading “Add my Blog to HSTS preload list”
Now a lot of websites are adding SSL for security.
Just like my site here; the SSL Report is below.
It is an A+. The score is great. When I look at it closely, there are four parts, and three of them are not 100%.
Can I make them all 100?
I use one test site to do my research and try to make it 100.
OK. Let me show you why and how to do it.
Continue reading “How to make the SSL site 100 in all four fields of SSLLAB Server Test”
It is a security update. Some of my blogs do not have auto-update, so I update them manually after signing in.
Continue reading “Upgrade WordPress to 4.2.2”