TLS

From CNM Wiki
Revision as of 11:08, 8 October 2018 by Natly0909 (talk | contribs) (Created page with "To protect against firesheep style attacks and general privacy leaks, it is recommended to host your site using TLS (HTTPS). If you do setup TLS, it is important to test your...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

To protect against firesheep style attacks and general privacy leaks, it is recommended to host your site using TLS (HTTPS).

If you do setup TLS, it is important to test your site with ssllabs.com/ssltest/ to ensure that it is setup properly, as it is easy to accidentally misconfigure TLS. (Test OK)

If you enable TLS, you may also want to configure your webserver to send the strict-transport-security header. This will improve the security of your website against eavesdroppers quite a bit, but at the drawback that it means you cannot decide to stop using TLS for a set period of time.