minor updates to the slides
author Aaron Kaplan <aaron@lo-res.org>
Thu, 14 Nov 2013 16:53:58 +0000 (17:53 +0100)
committer Aaron Kaplan <aaron@lo-res.org>
Thu, 14 Nov 2013 16:53:58 +0000 (17:53 +0100)
addition to lighttpd: HSTS.
Remark that the lighttpd cipher string seems to be syntactically wrong

presentations/20131113 ACH project2.pptx
src/practical_settings.tex

index 8115aff..dbfab0c 100644 (file)
Binary files a/presentations/20131113 ACH project2.pptx and b/presentations/20131113 ACH project2.pptx differ
index 0c688a5..aff3512 100644 (file)
@@ -45,7 +45,8 @@ You should redirect everything to httpS:// if possible. In Apache you can do thi
 %% Note: need to be checked / reviewed
 
 %% Complete ssl.cipher-list with same algo than Apache
-%% Currently this is only the default proposed lighttpd config for SSL
+\todo{FIXME: this string seems to be wrongly formatted}
+
 \begin{lstlisting}[breaklines]
   $SERVER["socket"] == "0.0.0.0:443" {
     ssl.engine  = "enable"
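Review bot: The added \todo{FIXME: this string seems to be wrongly formatted} does not say which string is meant or what is wrong with it, and it sits above the listing rather than beside the ssl.cipher-list line it presumably refers to. Name the setting and the suspected defect in the TODO, for example that the ssl.cipher-list value is wrapped in single quotes while every other value in the listing uses double quotes. Unlike the removed %% comment, \todo is a macro and will probably show up in the built document, so confirm that a visible marker is intended.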
@@ -55,6 +56,7 @@ You should redirect everything to httpS:// if possible. In Apache you can do thi
     ssl.pemfile = "/etc/lighttpd/server.pem"
     ssl.cipher-list = 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA'
     ssl.honor-cipher-order = "enable"
+    setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=31536000")
   }
 \end{lstlisting}
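Review bot: The new setenv.add-response-header line depends on mod_setenv being loaded, and nothing in the listing tells the reader to enable it; add a server.modules line or a sentence naming the module so the config does not fail when copied as is. Placing the header inside the 0.0.0.0:443 socket block is right, since Strict-Transport-Security should only be sent over TLS. The surrounding text should also say why max-age=31536000 (one year) was chosen and whether includeSubDomains was left out on purpose. The commit message describes the cipher string as syntactically wrong, yet this hunk leaves the single-quoted ssl.cipher-list value unchanged; either fix it here or reference the FIXME next to that line.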