GNU bug report logs - #47823: Hardenize Guix website TLS/DNS
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi There,
Scanning the Guix website gave many missing security features which modern
security needs to be available:
* TLS and DNS:
looking at:
https://www.hardenize.com/report/guix.gnu.org/1618568751
https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
- DNS: DNSSEC support missing (important)
- TLS 1.0, 1.1 considered deprecated since 2020
- Allow TLS 1.3 as it helps with ESNI whenever it's ready by OpenSSL
- Use only secure ciphers, disable old ciphers
- Force redirection of insecure connection with plain text to TLS
- HSTS/HSTS-preload support missing (important)
* Web Application (Headers):
I think it's self-explanatory:
https://securityheaders.com/?q=https%3A%2F%2Fguix.gnu.org%2F&followRedirects=on
ThX!
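
An added example, not part of the original message: a small offline check that grades a scan observation against the protocol, redirect and HSTS items in the list above (ciphers and DNSSEC are left out). The observation layout, the `audit` and `parse_hsts` names and both sample sites are constructed for illustration and are not guix.gnu.org's scan results; the one-year `max-age`, `includeSubDomains` and `preload` conditions are the hstspreload.org submission requirements.

```python
import re

DEPRECATED = {"TLSv1.0", "TLSv1.1"}
PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org minimum

# Constructed observations (hypothetical sites, not real scan output).
WEAK = {"protocols": ["TLSv1.0", "TLSv1.1", "TLSv1.2"],
        "http_response": (200, ""),
        "https_headers": {"Server": "example"}}
HARDENED = {"protocols": ["TLSv1.2", "TLSv1.3"],
            "http_response": (301, "https://example.org/"),
            "https_headers": {"Strict-Transport-Security":
                              "max-age=63072000; includeSubDomains; preload"}}


def parse_hsts(value):
    """Split a Strict-Transport-Security value into (max_age, flags)."""
    max_age, flags = None, set()
    for part in (p.strip() for p in value.split(";")):
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', part, re.I)
        if m:
            max_age = int(m.group(1))
        elif part:
            flags.add(part.lower())
    return max_age, flags


def audit(obs):
    """Return the checklist items that the observation fails."""
    findings = []
    old = sorted(DEPRECATED & set(obs["protocols"]))
    if old:
        findings.append("deprecated protocols enabled: " + ", ".join(old))
    if "TLSv1.3" not in obs["protocols"]:
        findings.append("TLS 1.3 not offered")
    status, location = obs["http_response"]
    if status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("plain HTTP is not redirected to HTTPS")
    headers = {k.lower(): v for k, v in obs["https_headers"].items()}
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        max_age, flags = parse_hsts(hsts)
        if not max_age:
            findings.append("HSTS max-age missing or zero")
        elif max_age < PRELOAD_MIN_AGE or not {"includesubdomains", "preload"} <= flags:
            findings.append("HSTS present but not preload-eligible")
    return findings
```

`audit(WEAK)` returns four findings and `audit(HARDENED)` returns an empty list.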
This bug report was last modified 2 years and 13 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.