duraconf
duraconf copied to clipboard
duraconf - A collection of hardened configuration files for SSL/TLS services
Added more detail for a strong sshd_config file
There is already a hardened SSH server configuration file, but this new SSH client configuration file will make OpenSSH SSH client prefer stronger ciphers and MACs when the server in...
More information about the Logjam attack here: https://weakdh.org/ And here are some information what to do as a server admin: https://weakdh.org/sysadmin.html
The README suggests it is possible to have Apache redirect users with insufficiently secure SSL/TLS stacks to some specific page indicating the problem. http://httpd.apache.org/docs/current/mod/mod_ssl.html#envvars describes the SSL related environmental variables...
Seems gnupg 2.1 now uses dirmngr.conf according to https://sks-keyservers.net/overview-of-pools.php. I haven't managed to get the new configuration to work yet but wanted to point it out.
e.g. from from https://stribika.github.io/2015/01/04/secure-secure-shell.html
https://twitter.com/ioerror/status/552441110719918080
Corrected docstring to mention that HSTS headers _are_ included, as well as some indentation cleanup.
The config before was fixed to TLSv1.0 see http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols