Securing SSL and HTTPS might seem like a contradiction to you, because SSL and HTTPS are secure right? Well, not entirely and always. There are some awesome tools out there that will get your website from an F to an A+. Check this out.
This is a good example of always being on top of your game. Besides Linux, security is a topic I absolutely love. Both have been a huge deal for me the past year almost. Hackers never sleep and so shouldn’t you, apparently.
Anyway, make your sites more secure with these simple steps.
HSTS, HTTPS and SSL
We’ve already discussed HSTS and the site securityheaders.io. Make sure you’ve read this post earlier. It’s WordPress related where this one is for Apache as a whole (or Nginx even). You even have to secure your security as it seems.
Now about securing your SSL. First, do a check at the Qualys site, which measures the current state of your SSL. You might be surprised. This site is a respectable site to perform these sorts of test but there are other as well. Next, check the versions of Apache (or Nginx) and OpenSSL:
# httpd -version
# openssl version
I opted for the ‘modern’ configuration, put it in my
/etc/httpd/sites-enabled configuration file and went from a B to an A+.