Heya,
As many of you probably, I use SSL/TLS to secure the connection to my Yunohost site.
But, according to https://www.ssllabs.com/, it hasn;t been set up in the best possible way.
Of course the cert is not trusted as it is self-signed, but there are more problems with it:
- This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
- Certificate has a weak signature and expires after 2016. Upgrade to SHA2 to avoid browser warnings.
- This site works only in browsers with SNI support.
Full report here: https://www.ssllabs.com/ssltest/analyze.html?d=1ex.it
Are there people here who now how to improve the SSL encryption on yunohost?
Any tips, how-to’s and step by step manuals are very welcome!