updating TLS cert on tahoe-lafs.org
Frederik Braun
Frederik.Braun+tahoe at ruhr-uni-bochum.de
Mon Dec 8 17:11:20 UTC 2014
On 14/11/14 21:00, Brian Warner wrote:
> On 11/14/14 10:40 AM, Brian Warner wrote:
>>
>> I'm about to update the TLS cert on https://tahoe-lafs.org .
>
> ..
>
> I've also update our HSTS (HTTP Strict Transport Security) timer to 200
> days. This wins us an A+ from the Qualys SSL Server Test:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=tahoe-lafs.org
>
Sorry for replying so late, but if you're interested in further
optimizations you might also want to look into adding HTTP Public Key
Pinning (HPKP). I have tried to author some guidance on MDN a few weeks
ago:
https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning
(when I added it to my personal web page).
This is also when I went into some kind of HTTPS optimization duel with
a co-worker of mine, who wrote up all his steps on his blog:
https://timtaubert.de/blog/2014/10/deploying-tls-the-hard-way/
More information about the tahoe-dev
mailing list