Everyone who knows me a little bit knows how much I dislike Google but this time we really should thank them for taking a real step toward a more secure web. They are finally moving away from SHA-1 to the much more secure SHA-2, more info can be found here: http://googleonlinesecurity.blogspot.it/2014/09/gradually-sunsetting-sha-1.html .:. Setup CentOS 6.5 x86_64 nginx/1.6.1 OpenSSL 1.0.1e-fips 11 Feb 2013 Nginx developers provide an up to date repository (http://wiki. …

Given that SSL and TLS, especially v1.0, suffer from serious security issues (e.g. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS) I thought it would be a good idea to use the latest and more secure version of it: v1.2. On CentOS 6.4 the openssl version included is quite old and doesn’t support TLS v1.1 and 1.2. So, first of all we have to install the latest version 1.0.1e, it can be done compiling from sources or by adding a third party repository; I chose the latter. …

Let’s say we have a WordPress blog and we would like to encrypt our login pages and the whole back-end of the site. There are many ways to do it, but since I already have a nginx instance configured as reverse proxy running in front of Apache I’ll use it to protect my admin pages and logins. In this page I’ll not cover Apache’s configuration, which, by the way, is trivial to say the least, so please refer to this other post: Apache + nginx as reverse proxy. …