wasuptls

The goal of wasuptls is to provide an Apache2 configuration for websites with sensible data. It must be working today and not exclude any users. Instead users with unsafe browsers should be warned. wasuptls should be easy to embed in already existing websites.

The project consists of three parts which should be used together.

Apache2 config file
Server-side script TLS information
Client-side script to warn users with unsafe browsers

The logic is in the combination of Apache configuration and JS, server-side script is just glue.

Decisions

Based on stable software (Debian wheezy, OpenSSL 1.0.1e and Apache 2.4)
Export TLS information via SSI, but easy to do in any language
BEAST is considered to be mitigated client-side, Priority is Forward Secrecy -> no RC4
Prefer ECDHE over DHE
HTTP Strict Transport Security
No Keypinning as it isn't stable at the moment.

Benchmarks

ab results in benchmark.txt
Charts at https://sarwiki.informatik.hu-berlin.de/Modernes_SSL/TLS-Setup_mit_Apache#Benchmarks

Sources

https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf
http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
https://github.com/ioerror/duraconf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

wasuptls

Decisions

Benchmarks

Sources

Files

README.md

Latest commit

History

README.md

File metadata and controls

wasuptls

Decisions

Benchmarks

Sources