The DNS system is broken. The sorry state of DNS security exposes your server and your end users to a variety of risks. Some of those risks are preventable.
Attack vectors against TLS, implementation bugs, and how to mitigate TLS vulnerabilities in NGINX
In light of documented TLS vulnerabilities and implementation bugs, understanding known attack vectors becomes a necessity.
TLS 1.3 (with AEAD) and TLS 1.2 cipher suites demystified: how to pick your ciphers wisely
Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites. Pick the wrong settings and you declare an open season on your server.
A quick introduction to SSL/TLS encryption: understanding certificates and key pairs
Confused about SSL/TLS certificates? Here is a quick and dirty introduction to SSL/TLS encryption.
How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR
Generating SSL certificates when Letsencrypt (what is Letsencrypt, who is behind it, and how the heck can you get started) is available for your system works in a breeze, but what if you need your certificates for a machine that won’t take Letsencrypt (for whatever reason)? It is still possible: you can eitherĀ grab Letsencrypt from Git, or, for reasons of practicality… create a certificate signing request (CSR) on your target server, transfer it to your letsencrypt instance, generate the certificates you need, then transfer the generated files back to your target instanceĀ and install the certificates in your software.