Hi There,
Scanning Guix website gave many missing security features which modern
security needs them to be available:
* TLS and DNS:
looking at:
https://www.hardenize.com/report/guix.gnu.org/1618568751
https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
- DNS: DNSSEC support missing (important)
- TLS 1.0 , 1.1 considered deprecated since 2020
- Allow TLS 1.3 as it helps with ESNI whenever its ready by openssl
- Use only secure ciphers, disable old ciphers
- Force redirection of insecure connection with plain text to TLS
- HSTS/HSTS-preload support missing (important)
* Web Application (Headers):
I think its self explanatory:
https://securityheaders.com/?q=https%3A%2F%2Fguix.gnu.org%2F&followRedirects=on
ThX!
