mgzrobles's picture

Impedir ataque BEAST

tengo un servidor debian con openssl 0.9.8 y estoy intentando impedir la vulnerabilidad BEAST, hasta el momento sin éxito. Utilizo nessus para detectarla...

Si alguno sabe como resolverla le agradecería su aporte!.

En la mayoría de los sitios dicen de permitir únicamente TLSv1.1 o 1.2 pero con la versión de openssl que tengo no es posible que yo sepa.

Estas son las URLs con la info que he visto:

Read more
mmncs's picture

How to enable ssl on a drupal 7 site

Hi everybody,

I have a VPS which is running Ubuntu with NGINX.

I have just created a Drupal Commerce site where I would like to enable SSL for the checkout procedure. So I would like to enable SSL for this site and limit the secure pages to only those during checkout. I am using the PayPal WPP - credit card, payment method and any help would be much appreciated.

Thanks for your time.


Read more
tribe_of_dan's picture

Using SSL with Server Alternate Names

I'm developing a facebook application (page tabs) for a site I'm developing and about to launch. I needed SSL so I purchased an SSL Certificate.

The plan was to develop the App whilst the site is a and then migrate it later.

I figured out that I'd need a certificate with Subject Alternate Names. So I purchase one from GeoTrust and added the appropriate subdomains e.g. (dev. stg. www.)

I only have one IP address at the moment. My question is, what is the best way to set it up to work best with BOA.

Read more
Anonymous's picture

ssl secure page instegration into our drupal site | maxAwareness

Employment type: 

Webdeveloper needed to integrate SSL or secure pages module into our shopping cart.

Dedicated Server has been SSL enabled and cart is all set up. We require module integration and checking if it all works perfect so that our cart is secure to gain a TRUSTe Site Validation.

Read more
cookiesunshinex's picture

Mercury (Varnish) with SSL only traffic?

Our use case for our Mercury install has suddenly changed in our architecture and it has been determined that we will use SSL only traffic.

I've been trying to read up on how to get Varnish to interact with HTTPS. It appears, to my dismay, that Varnish does not play well with SSL.

I've found this thread:
Enforcing SSL Behind AWS Load balancer

and this blog post
Setting up Pressflow and Varnish to work with HTTP and HTTPS

Read more
perusio's picture

My Nginx config complete or sort of with an appendix on TLS/SSL

I've finally completed my Nginx config for Drupal.

Feel free to comment on it and suggest improvements.

In terms of SSL/TLS I opted for the defaults in Nginx (after 0.8.21) that limit the available protocol versions do SSLv3 or later and also cross out support for MD5 as message digest algorithm and anonymous Diffie-Hellman key exchange.

Read more
mfb's picture

Secure Login module not dead yet

Secure Login module was in need of a maintainer, so I decided to take it on.

What I like about Secure Login is that it's a small, simple module that makes it easy to enforce secure (SSL) logins on a Drupal site.

I've already committed a Drupal 7 version which could use testing and feedback.

Read more
saepl's picture

Online Forms and security


I would love some feedback / discussion regarding security and the submission of online forms using sensitive data. I work for a small college and our website is hosting in a shared environment. There has been discussion about making the college application form, application for residence form and a few others available online. What tips / concerns can you provide to securely get the information from the user in an encrypted fashion?

My primary concerns are storage of private information on a shared server and emailing of private information in an unencrypted fashion.

Read more
adrian's picture

Aegir 0.4 alpha 9 released

We are proud to announce the 0.4 Alpha 9 release of the Aegir Hosting System. This release introduces our 'multi-server' functionality, which mostly resolves the primary goal for the 0.4 release cycle.

UPDATED: critical errors found in this release:

#875192 switched to subversion from CVS, breaking Drush. We need to roll a new release of drush.
#874716 Files directories on remote web servers are being deleted on rsync. DO NOT USE THIS FEATURE ON PRODUCTION SITES YET!

Read more
wxman's picture

Drupal behind HAProxy and Stunnel for SSL


Read more
Subscribe with RSS Syndicate content