Today is a pretty significant day for this website. I’ve finally caved in and implemented something I have been constantly putting off until now - I am finally serving everything through HTTPS! Hooray!

It was, quite possibly, the simplest implementation I’ve ever had to do (and that says something, since I will be the first to admit my SSL knowledge is definitely not complete). StartSSL made the process of getting an individual SSL cert absolutely painless - I’m thrilled that I was able to get a cert so easily. While I may end up caving in for a multi-domain cert sometime in the future, right now I’m pretty content with how everything is working so far.

I ran a quick test using [Qualys SSL Test](https://www.ssllabs.com/ssltest), scored a disappointing C, and made the required changes (removing SSLv3 and allowing only TLS) to beat out POODLE. I’m waiting a bit for everything to refresh and then I’m gonna shoot for another run, hopefully landing in the A range.
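
One way to check an Nginx configuration for the change described above (SSLv3 removed, only TLS allowed), as an added example that is not part of the original post: a small Python audit that resolves the effective `ssl_protocols` of each TLS server block, including values inherited from the `http` level. The sample configuration, hostnames and function names are constructed for illustration.

```python
import re

WEAK = {"SSLv2", "SSLv3"}  # protocol versions to flag
# Constructed sample configuration (hostnames are placeholders).
SAMPLE_CONF = """
http {
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # weak: SSLv3 still offered
    server { listen 443 ssl; server_name a.example; }   # inherits the http list
    server {
        listen 443 ssl;
        server_name b.example;
        # ssl_protocols SSLv3;                   (commented out, ignored)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;     # TLS only
    }
    server { listen 80; server_name c.example; }  # plain HTTP, not audited
}
"""

def effective_protocols(conf_text):
    """Map each TLS server_name to its effective ssl_protocols list.
    None means no directive applies and the nginx version's default is used."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # strip comments (quoted '#' not handled)
    stack = [{"block": "main", "protocols": None, "name": None, "tls": False}]
    words, result = [], {}
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        ctx = stack[-1]
        if tok == "{":  # open a block; ssl_protocols is inherited from the parent
            stack.append({"block": words[0] if words else "", "name": None,
                          "protocols": ctx["protocols"], "tls": False})
        elif tok == "}" and len(stack) > 1:
            done = stack.pop()
            if done["block"] == "server" and done["tls"]:
                result[done["name"]] = done["protocols"]
        elif tok == ";" and words:
            if words[0] == "ssl_protocols":
                ctx["protocols"] = words[1:]
            elif words[0] == "server_name" and len(words) > 1:
                ctx["name"] = words[1]
            elif (words[0] == "listen" and "ssl" in words[1:]) or words == ["ssl", "on"]:
                ctx["tls"] = True
        words = [] if tok in ("{", "}", ";") else words + [tok]
    return result

def weak_servers(conf_text):
    """Return {server_name: [weak protocols]} for servers still offering SSLv2/SSLv3."""
    return {name: sorted(WEAK & set(protos))
            for name, protos in effective_protocols(conf_text).items()
            if protos and WEAK & set(protos)}
```

A server that maps to `None` has no `ssl_protocols` in scope, so what it offers depends on the built-in default of the installed nginx version and is worth pinning explicitly.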

I’m going to throw a few links down below that were perfect for doing an SSL implementation on Nginx. They helped clarify what exactly needed to be updated and provided a decent explanation.

Qualys: SSL is dead, killed by the POODLE attack

Security Labs: Configuring Apache, Nginx, and OpenSSL for forward secrecy

Nginx: Nginx, POODLE, and SSL

Julian Simoni: HTTPS on Nginx, from zero-to-A+, part 1

Now to fix this perfect forward secrecy implementation…