On 07/09/2014 22:01, pablo platt wrote:
> I have one user that sees a warning in Chrome and can't use my website.
Well... one should know which warning, otherwise it is quite difficult to fix it (if it has to be fixed at all). Could this article be helpful? http://blog.haproxy.com/2014/05/26/haproxy-and-http-errors-408-in-chrome/
> When running a test https://sslcheck.globalsign.com/en_US I'm getting:
> Sessions may be vulnerable to BEAST attack
> Server has not enabled HTTP Strict-Transport-Security
> Server has SSL v3 enabled
> Server is using RC4-based ciphersuites which have known vulnerabilities
> Server configuration does not meet FIPS guidelines
> Server does not have OCSP stapling configured
> Server has not yet upgraded to a Extended Validation certificate
> Server does not have SPDY enabled
I do not think that there is a recommended "universal" setting. I use the following and I get an A+ score:

    ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:\ DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256

To enable HTTP Strict-Transport-Security you have to set a header:

    rspadd Strict-Transport-Security:\ max-age=31536000

Hope this helps

.marcoc
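A cipher string like the one in the reply above can be expanded locally to see which suites it actually selects before it goes into the HAProxy configuration. The following is an added example, not part of the original message: it uses Python's ssl module with the local OpenSSL (so the exact list depends on the OpenSSL build), and the function names `expand` and `audit` are made up for this illustration.

```python
import ssl

# Cipher string from the reply above, with the "\ " that follows
# "ECDH+AES128:" dropped so it is a single OpenSSL cipher list.
CIPHERS = (
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:"
    "DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:"
    "!aNULL:!MD5:!DSS:!AES256"
)


def expand(cipher_string):
    """Return the suite names the local OpenSSL selects, in preference order.

    TLS 1.3 suites are skipped: OpenSSL configures them separately and a
    cipher string of this kind has no effect on them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(names):
    """Group the selected suites by the properties the scan report is about."""
    return {
        # RC4 is never named in the string, so nothing should land here.
        "rc4": [n for n in names if "RC4" in n],
        # "!AES256" at the end permanently removes every AES-256 suite,
        # including the ones ECDH+AES256 and DH+AES256 added earlier.
        "aes256": [n for n in names if "AES256" in n],
        # 3DES suites are kept at the tail of the list if the local
        # OpenSSL build still ships them (many current builds do not).
        "3des": [n for n in names if "DES-CBC3" in n],
    }


if __name__ == "__main__":
    selected = expand(CIPHERS)
    for position, name in enumerate(selected, 1):
        print(f"{position:2d}  {name}")
    for label, hits in audit(selected).items():
        print(f"{label}: {len(hits)} suite(s)")
```

The cipher string only controls which suites are offered; the "Server has SSL v3 enabled" finding concerns the protocol version, which is configured separately.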