[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47823: Hardenize Guix website TLS/DNS
From: |
bo0od |
Subject: |
bug#47823: Hardenize Guix website TLS/DNS |
Date: |
Fri, 16 Apr 2021 11:00:05 +0000 |
Hi There,
Scanning Guix website gave many missing security features which modern
security needs them to be available:
* TLS and DNS:
looking at:
https://www.hardenize.com/report/guix.gnu.org/1618568751
https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
- DNS: DNSSEC support missing (important)
- TLS 1.0 , 1.1 considered deprecated since 2020
- Allow TLS 1.3 as it helps with ESNI whenever its ready by openssl
- Use only secure ciphers, disable old ciphers
- Force redirection of insecure connection with plain text to TLS
- HSTS/HSTS-preload support missing (important)
* Web Application (Headers):
I think its self explanatory:
https://securityheaders.com/?q=https%3A%2F%2Fguix.gnu.org%2F&followRedirects=on
ThX!
- bug#47823: Hardenize Guix website TLS/DNS,
bo0od <=