laylo/docs
1
0
Fork 0
Code Releases Activity

Update SECURITY.md: add OCSP stapling and disabled TLS session tickets

Browse Source
This commit is contained in:
Jeroen 2022-08-23 17:37:27 +02:00
parent 7ceff459e9
commit 68e9681240
Signed by: jeroen
GPG Key ID: 7C7028F783798BAB
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
SECURITY.md
View File

@ -15,7 +15,11 @@ This Gitea instance is configured following best practices, in order to thwart l
### Web front-end ### Web front-end
- Any plain-text (HTTP) traffic is redirected to the TLS secure counterpart (HTTPS). - Any plain-text (HTTP) traffic is redirected to the TLS secure counterpart (HTTPS).
- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption, with the following ciphers: `ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM` and with HSTS. - TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption - with HSTS and the following ciphers:
```
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM
- OCSP stapling is enabled.
- TLS session tickets are disabled (at least until Nginx fixes this properly).
### Networking ### Networking