Unix Army

Testing your server's SSL health

I was reading an article on TechDirt today about Forward Secrecy in SSL/TLS connections and how Twitter had recently introduced it. In a nutshell, forward secrecy is a property of the SSL/TLS handshake that prevents someone nefarious who’s recording your SSL traffic from decrypting all of your previous SSL communication if your private key is later compromised.

Out of curiosity, I ran the linked SSL tester from Qualys that checks your server for compliance with forward secrecy (in addition to a bunch of other useful stuff), and found out my systems were using old, stinky DES-based 56-bit ciphers. Since I’m running lighttpd, I followed Remy’s guide to securing my install.

Passing all the tests now with >80%! Hooray! I feel a tiny bit more secure now.

- Lefty, 01 Dec 2013
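
An added example, not part of the original post: it classifies OpenSSL-style cipher suite names by the two things the SSL tester flagged here, whether the key exchange gives forward secrecy and whether the cipher itself is weak (single DES among them). The suite list is constructed sample input and the function names are hypothetical.

```python
import re

# Constructed sample: OpenSSL-style suite names a server might offer.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "EDH-RSA-DES-CBC-SHA",
    "DES-CBC-SHA",
    "EXP-RC4-MD5",
]

# Ephemeral (EC)DH key exchange is what gives forward secrecy. EDH- is
# OpenSSL's older spelling of DHE-; TLS 1.3 suites (TLS_*) are always ephemeral.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_")


def has_forward_secrecy(suite):
    return suite.startswith(FS_PREFIXES)


def weaknesses(suite):
    """Return the weak-cipher findings for one suite name."""
    tokens = suite.split("-")
    found = []
    if "EXP" in tokens:
        found.append("export-grade")
    # DES-CBC is single DES (56-bit key); DES-CBC3 is triple DES.
    if re.search(r"(^|-)DES-CBC(-|$)", suite):
        found.append("single DES")
    if "CBC3" in tokens:
        found.append("3DES")
    if "RC4" in tokens:
        found.append("RC4")
    if "NULL" in tokens:
        found.append("no encryption")
    return found


def audit(suites):
    """Split suites into clean ones and flagged ones (with reasons)."""
    ok, flagged = [], {}
    for suite in suites:
        reasons = weaknesses(suite)
        if not has_forward_secrecy(suite):
            reasons.append("no forward secrecy")
        if reasons:
            flagged[suite] = reasons
        else:
            ok.append(suite)
    return ok, flagged
```

Note that `EDH-RSA-DES-CBC-SHA` has forward secrecy and is still flagged: an ephemeral key exchange does not help when the bulk cipher is 56-bit DES.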
