Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
www
 
 
 
 
 
 

wasuptls

The goal of wasuptls is to provide an Apache2 configuration for websites with sensible data. It must be working today and not exclude any users. Instead users with unsafe browsers should be warned. wasuptls should be easy to embed in already existing websites.

The project consists of three parts which should be used together.

  • Apache2 config file
  • Server-side script TLS information
  • Client-side script to warn users with unsafe browsers

The logic is in the combination of Apache configuration and JS, server-side script is just glue.

Decisions

  • Based on stable software (Debian wheezy, OpenSSL 1.0.1e and Apache 2.4)
  • Export TLS information via SSI, but easy to do in any language
  • BEAST is considered to be mitigated client-side, Priority is Forward Secrecy -> no RC4
  • Prefer ECDHE over DHE
  • HTTP Strict Transport Security
  • No Keypinning as it isn't stable at the moment.

Benchmarks

Sources

About

apache2 tls config with recent attacks in mind

Resources

Releases

No releases published

Packages

No packages published