bug#47823: Hardenize Guix website TLS/DNS

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47823: Hardenize Guix website TLS/DNS

From:	bo0od
Subject:	bug#47823: Hardenize Guix website TLS/DNS
Date:	Fri, 16 Apr 2021 11:00:05 +0000

Hi There,

Scanning Guix website gave many missing security features which modernsecurity needs them to be available:


* TLS and DNS:

looking at:

https://www.hardenize.com/report/guix.gnu.org/1618568751

https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org

- DNS: DNSSEC support missing (important)
- TLS 1.0 , 1.1 considered deprecated since 2020
- Allow TLS 1.3 as it helps with ESNI whenever its ready by openssl
- Use only secure ciphers, disable old ciphers
- Force redirection of insecure connection with plain text to TLS
- HSTS/HSTS-preload support missing (important)


* Web Application (Headers):

I think its self explanatory:

https://securityheaders.com/?q=https%3A%2F%2Fguix.gnu.org%2F&followRedirects=on

ThX!

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47823: Hardenize Guix website TLS/DNS, bo0od <=
- bug#47823: Hardenize Guix website TLS/DNS, Leo Famulari, 2021/04/16
  - bug#47823: Hardenize Guix website TLS/DNS, Dr. Arne Babenhauserheide, 2021/04/16
  - bug#47823: Hardenize Guix website TLS/DNS, Julien Lepiller, 2021/04/16

Prev by Date: bug#47786: Several build --keep-failed result in wrong env variables
Next by Date: bug#47748: Packages which cant be find/removed by guix remove
Previous by thread: bug#47812: Incorrect code in the Guix manual, but only on the website
Next by thread: bug#47823: Hardenize Guix website TLS/DNS
Index(es):
- Date
- Thread