securedrop.org icon indicating copy to clipboard operation
securedrop.org copied to clipboard

Published 20 hours ago verified publisher icon freedomofpress

More detailed checks of the landing page's SSL/TLS configuration

Open redshiftzero opened this issue 7 years ago • 2 comments

The SecureDrop Deployment Best Practices discusses several SSL/TLS configuration best practices for landing pages that are not currently checked using the automated scanner:

  • Hash function strength
  • Key length
  • Choice of ciphers
  • SSL/TLS versions
  • Perfect forward secrecy

It would be good to incorporate these things into our scanner by integrating this library.

(Migrated over from: https://github.com/freedomofpress/securedrop-landing-page-checker/issues/18)

redshiftzero avatar Nov 30 '17 01:11 redshiftzero

As you add things to the scanner, you'll also want to update the result groups (in the Wagtail snippets panel), so that the results are properly displayed. :)

raq929 avatar Nov 30 '17 14:11 raq929

Related: we should also alert admins when certificate expiry is approaching

redshiftzero avatar Jan 03 '18 22:01 redshiftzero