Update SECURITY.md: add OCSP stapling and disabled TLS session tickets

Jeroen 2022-08-23 17:37:27 +02:00
parent 7ceff459e9
commit 68e9681240
Signed by: jeroen
GPG Key ID: 7C7028F783798BAB


@ -15,7 +15,11 @@ This Gitea instance is configured following best practices, in order to thwart l
### Web front-end
- Any plain-text (HTTP) traffic is redirected to the TLS secure counterpart (HTTPS).
- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption, with the following ciphers: `ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM` and with HSTS.
- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption - with HSTS and the following ciphers:
```
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM
- OCSP stapling is enabled.
- TLS session tickets are disabled (at least until Nginx fixes this properly).
### Networking
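Review bot: the code fence opened on the ``` line before the cipher string is never closed within the added lines, so in rendered Markdown the `- OCSP stapling is enabled.` and `- TLS session tickets are disabled ...` bullets, and the `### Networking` heading that follows, end up inside the code block; add a closing ``` directly after the cipher line. The session-tickets bullet also says "at least until Nginx fixes this properly" without stating what is broken; a one-line reason, or a link to the relevant Nginx issue, would let readers verify why tickets are off and when they can be re-enabled.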