Today is a pretty significant day for this website. I’ve finally caved in and implemented something I have been constantly putting off until now - I am finally serving everything through HTTPS! Hooray!
It was, quite possibly the simplest implementation I’ve ever had to do (and that says something, since I will be the first to admit my SSL knowledge is definitely not complete). StartSSL made the process of getting an individual SSL cert absolutely painless - I’m thrilled that I was able to get a cert so easily. While I may end up caving in for a multi-domain cert sometime in the future, right now I’m pretty content with how everything is working so far.
I ran a quick test using (Qualys SSL Test)[https://www.ssllabs.com/ssltest], scored a disappointing C, and made the required changes (removing SSLv3 and allowing only TLS) to beat out POODLE. I’m waiting a bit for everything to refresh and then I’m gonna shoot for another run, hopefully landing in the A range.
I’m going to throw a few links down below that were perfect for doing an SSL implementation on Nginx. They helped clarify what exactly needed to be updated and provided a decent explanation.
Now to fix this perfect forward secrecy implementation…