Re: Qualys (ssl labs) results question

2014-10-19 Thread Maxim Dounin
Hello! On Sun, Oct 19, 2014 at 07:59:32PM -0400, AJ Weber wrote: > Looking through the results for my server, I noticed these two lines in the > "Protocol Details" section: > > Session resumption (caching) No (IDs assigned but not accepted) This means that you have no ssl_session_cache c

Re: Qualys (ssl labs) results question

2014-10-19 Thread mex
hello, > Session resumption (caching) No (IDs assigned but not > accepted) > Session resumption (tickets) No INTOLERANT > > Should I change my config to alter these two results (for performance > OR > security)? If so, can anyone identify what config options I should > add/c

Re: Nginx Security Hardening and Rules

2014-10-19 Thread Maxim Dounin
Hello! On Sat, Oct 18, 2014 at 10:51:20PM -0400, c0nw0nk wrote: > So since i searched the Nginx Forum i can't find anyone who has posted a > topic for Nginx security rules or examples so i will be the first to share > my examples regardless of how bad of a idea some people may think that is. > >

Re: NGINX 1.6.2 compile problem

2014-10-19 Thread Maxim Dounin
Hello! On Sat, Oct 18, 2014 at 02:59:32AM -0400, volga629 wrote: > Hello Everyone, > Trying build nginx 1.6.2 and --pid-path is not honored by build. Doesn't > matter what I change it stays in /run/nginx.pid. > > > > Here build output > > http://fpaste.org/143079/41361548/ Likely it's what

Qualys (ssl labs) results question

2014-10-19 Thread AJ Weber
Looking through the results for my server, I noticed these two lines in the "Protocol Details" section: Session resumption (caching) No (IDs assigned but not accepted) Session resumption (tickets) No INTOLERANT Should I change my config to alter these two results (for performanc

Re: SPDY errors in log

2014-10-19 Thread tunist
thanks, yes - i just thought to do that before i read your reply. the test says my server is not vulnerable to the attack - so the bugfixes appear to have been integrated into the latest fedora version of openssl, even though running the openssl version command does not show this to be the case. s

Re: SPDY errors in log

2014-10-19 Thread mex
hi tunist, if you want to test your server for CCS-vuln you might use https://www.ssllabs.com/ssltest/ or the testscript from https://testssl.sh/ when you prefer to test locally. > > though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 Feb > 2013 not sure why..!? distros backpor

Re: SPDY errors in log

2014-10-19 Thread tunist
fedora 20 - latest version of openssl = 1:openssl-1.0.1e-40.fc20.x86_64 though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 Feb 2013 not sure why..!? mex Wrote: --- > CCS-scan probably, see > https://www.mare-system.de/guide-to-n

Re: SPDY errors in log

2014-10-19 Thread mex
CCS-scan probably, see https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#ccs-early-changecipherspec-attack what openssl-version do you use? cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254144,254146#msg-254146

Re: SPDY errors in log

2014-10-19 Thread tunist
oh, and another: *188425 SSL_do_handshake() failed (SSL: error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while SSL handshaking, client: xx.xx.xx.xx.xx, server: 0.0.0.0:443 is this maybe a result of hackers attempting to break into the server? Posted at Nginx Forum: http://forum.

SPDY errors in log

2014-10-19 Thread tunist
i just noticed several entries in the main nginx log here that are: [error] 28042#0: *12244 inflate() failed: -5 while processing SPDY, client: xx.xx.xx.xx, server: 0.0.0.0:443 anyone know what this is caused by? i haven't found anything in the search engines that relate yet Posted at Nginx Foru

Re: Nginx Security Hardening and Rules

2014-10-19 Thread c0nw0nk
I have come across that same page before the one that is interesting me right now is based off mex's comment on Security in header responses. https://gist.github.com/plentz/6737338 # config to don't allow the browser to render the page inside an frame or iframe # and avoid clickjacking http://en.w

Re: Nginx Security Hardening and Rules

2014-10-19 Thread itpp2012
Paste in google: Top 20 Nginx WebServer Best Security Practices Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254125,254142#msg-254142

Re: Nginx Security Hardening and Rules

2014-10-19 Thread mex
i think it's a nice idea and surely will participate with some stuff like security-headers (CSP/X-Frame-Options etc) single issues/questions might still be discussed on-list, and it should be no problem to post updates here from time to time. cheers, mex Posted at Nginx Forum: http://fo

Re: Nginx Security Hardening and Rules

2014-10-19 Thread Sarah Novotny
Hi c0nw0nk, ping me offlist if you don’t already have a wiki account and i’ll get you set up. sarah > On Oct 19, 2014, at 9:14 AM, c0nw0nk wrote: > > Thanks mex i will submit a wiki page how long do they take to get added or > approved ? Also one of the main reasons i posted it here was just

Re: Nginx Security Hardening and Rules

2014-10-19 Thread c0nw0nk
Thanks mex i will submit a wiki page how long do they take to get added or approved ? Also one of the main reasons i posted it here was just to have everyone share what they use and some different and custom stuff. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254125,254137#msg-254137

Re: Nginx Security Hardening and Rules

2014-10-19 Thread mex
hi, i'd suggest you collect your snippets in the nginx-wiki http://wiki.nginx.org/ and link your collection back to http://wiki.nginx.org/Configuration thus it will be easier to maintain and extend. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254125,254136#msg-2

Windows MSI installer building script

2014-10-19 Thread akurdyukov
Hello, I created a small MSI build script that can package nginx with nssm for service installation. Please take a look at https://github.com/akurdyukov/nginx-installer Regards, Alik. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254131,254131#msg-254131