The nLab and nForum now support HTTPS and HTTP/2. Apparently, this should result in improved performance on both. (Thanks to Bas for the suggestion.)
Thanks for the great work Adeel! For interested bystanders, Let's Encrypt provides free and convenient certificates. HTTP/2 should be faster and HTTPS should give us some extra Google juice.
Some people are reporting problems with Safari, possibly related to letsencrypt. Could anyone confirm these issues?
ssllabs gives us an A+, but we get a “Protocol or cipher suite mismatch” when they simulate Safari 5.1.9 or 6.0.4.
According to letsencrypt the following are supported:
- Safari 4.0 (w/ Mac OSX 10.4) (“DST Root CA X3” is trusted)
- iOS >= 3.1 works (“DST Root CA X3” is trusted)
Such errors result from an overly strict configuration of nginx. This doesn’t increase the security of supported browsers, but some older browsers simply cannot access the site.
For comparison, below is the nginx configuration file that I use for my own site. Essentially, the point of the configuration below is to provide as much security as possible for any browser. (Older browsers necessarily get less security.)
# HSTS: browsers remember to use HTTPS only for the next two years
add_header Strict-Transport-Security "max-age=63072000";
spdy_headers_comp 9;
ssl on;
ssl_certificate /etc/letsencrypt/live/dmitripavlov.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dmitripavlov.org/privkey.pem;
# Session resumption (cache and tickets) avoids a full handshake on revisits
ssl_session_cache shared:SSL:100m;
ssl_session_timeout 24h;
ssl_session_tickets on;
ssl_session_ticket_key /etc/nginx/ssl/ticket.key;
# Slightly weaker with a smaller generation,
# but faster and fixes some IE, especially on mobiles.
# ssl_ecdh_curve secp384r1;
ssl_ecdh_curve secp521r1;
ssl_dhparam /etc/nginx/ssl/dhparam4.pem;
# OCSP stapling, with the stapled response verified against the chain below
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/dmitripavlov.org/fullchain.pem;
# Resolvers used to fetch OCSP responses: Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;
# TLS 1.0 is kept so that older browsers can still connect
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# The server's cipher order wins during negotiation
ssl_prefer_server_ciphers on;
# Nginx for Intermediate Browsers
# Grade A-
# 90 % Security
# High Compatibility
# - No Java 6 (No DH parameters > 1024 bits)
# - No IE 6
# Some Forward Secrecy
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
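The "Protocol or cipher suite mismatch" verdict from the ssllabs client simulation can be reproduced offline against a config like the one above; the following is an added example, not code from this thread or from nginx. It parses ssl_protocols, ssl_ciphers and ssl_prefer_server_ciphers out of an nginx fragment and reports whether a given client profile fails on the protocol or on the cipher suite. The nginx fragments and client profiles are constructed, and the parser handles only explicitly named suites and '!' exclusions, not OpenSSL keyword groups such as AES or kEDH+AESGCM.

```python
# Added model of ssllabs-style client simulation for nginx ssl_* settings.
# Not nForum or nginx code; configs and client profiles are constructed, and the
# cipher parser knows only explicit suite names and '!' exclusions.
import re

PROTOCOL_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2"]
TLS12_ONLY = ("GCM", "SHA256", "SHA384")  # AEAD and SHA-2 suites need TLS 1.2

def parse_ssl_directives(conf):
    """Return protocols, ciphers in server order, and the preference flag."""
    out = {"protocols": [], "ciphers": [], "prefer_server": False}
    for m in re.finditer(r"^\s*(ssl_\w+)\s+(.+?);\s*$", conf, re.M):
        name, value = m.group(1), m.group(2).strip().strip("'\"")
        if name == "ssl_protocols":
            out["protocols"] = value.split()
        elif name == "ssl_ciphers":
            parts = value.split(":")
            excluded = {p[1:] for p in parts if p.startswith("!")}
            out["ciphers"] = [p for p in parts if "-" in p
                              and not p.startswith("!") and p not in excluded]
        elif name == "ssl_prefer_server_ciphers":
            out["prefer_server"] = value == "on"
    return out

def simulate_handshake(server, client):
    """Return (protocol, suite) on success or (None, reason) on failure."""
    common = [p for p in PROTOCOL_ORDER
              if p in server["protocols"] and p in client["protocols"]]
    if not common:
        return None, "protocol mismatch"
    proto = common[-1]  # highest version both sides support
    usable = [s for s in server["ciphers"]  # drop TLS 1.2-only suites on 1.0/1.1
              if proto == "TLSv1.2" or not any(k in s for k in TLS12_ONLY)]
    first, second = ((usable, client["ciphers"]) if server["prefer_server"]
                     else (client["ciphers"], usable))
    chosen = next((s for s in first if s in second), None)
    return (proto, chosen) if chosen else (None, "cipher suite mismatch")

# Constructed nginx fragment; the protocol line matches the thread's config.
PERMISSIVE = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA:!aNULL:!MD5:!RC4';
"""
STRICT = PERMISSIVE.replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2")  # TLS 1.2 only
# Constructed client profiles: a TLS 1.0-only legacy browser and a modern one.
LEGACY_CLIENT = {"protocols": ["TLSv1"], "ciphers": ["ECDHE-RSA-AES128-SHA", "AES128-SHA"]}
MODERN_CLIENT = {"protocols": ["TLSv1.2"], "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA"]}
```

Running simulate_handshake(parse_ssl_directives(STRICT), LEGACY_CLIENT) yields the protocol mismatch, while PERMISSIVE lets the legacy profile settle on ECDHE-RSA-AES128-SHA over TLSv1.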
Thanks, Dmitri! I modified the configuration to allow the TLS 1.0 protocol; hopefully it works now.