How to improve SSL/TLS?

Heya,

As many of you probably do, I use SSL/TLS to secure the connection to my Yunohost site.
But, according to https://www.ssllabs.com/, it hasn't been set up in the best possible way.

Of course the cert is not trusted as it is self-signed, but there are more problems with it:

  • This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
  • Certificate has a weak signature and expires after 2016. Upgrade to SHA2 to avoid browser warnings.
  • This site works only in browsers with SNI support.

Full report here: https://www.ssllabs.com/ssltest/analyze.html?d=1ex.it

Are there people here who know how to improve the SSL encryption on yunohost?
Any tips, how-to’s and step by step manuals are very welcome!

Hey dosh,
Have a certificate signed by Startssl. It’s free.
Before going to Startssl, you can create a CSR (tutorial in French).
And to register your certificate on your server: Yunohost doc.