Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

https://cipherli.st

This should be on the list of valuable tools as well. It's a site which has strong example configurations for Apache, nginx, Openssh and many many others.. It's a great reference site. It's updated as new vulnerabilities are released, and as new technologies become available too.

Careful about implementing it all though - as their warning says, unless you understand things like HSTS or HPKP, implementing them incorrectly could make your site unavailable for a very, VERY long time.

That said, it's an easy way to get an A+! If you disable everything but TLS1.2, you can get a perfect 100/100/100/100.



Clicking through to the relevant "Rationale and tutorial" article on that site is well worth it, those tutorials are very useful for newbies.

I also found Mozilla's documentation for TLS very helpful: https://wiki.mozilla.org/Security/Server_Side_TLS


I love https://cipherli.st too - it's definitely worth reading their rationales - but the Mozilla Server Side TLS project the other poster and the article mentioned seems to have more contributors and be more frequently updated (it's also on github).




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: