Skip to content

Instantly share code, notes, and snippets.

View danpalmer's full-sized avatar

Dan Palmer danpalmer

219 followers · 32 following
View GitHub Profile
@danpalmer
danpalmer / poodle.diff
Last active August 29, 2015 14:14
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index a97dd8c..487cc14 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -23,7 +23,7 @@ server {
- ssl_protocols SSLv3 TLSv1;
+ ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
@danpalmer
danpalmer / tls1.2.diff
Created January 24, 2015 09:19
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index 487cc14..7701f2e 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -23,7 +23,7 @@ server {
- ssl_protocols SSLv2 TLSv1;
+ ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
@danpalmer
danpalmer / ssl_caching.diff
Created January 24, 2015 09:59
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index a2f5c6e..94ecbdb 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -24,6 +24,7 @@ server {
+ ssl_session_cache shared:SSL:2m;
@danpalmer
danpalmer / danpalmer.me.crt
Created March 23, 2015 16:38
-----BEGIN CERTIFICATE-----
MIIF9DCCBNygAwIBAgIRAIC3i21tSsS9tuhDfry1vSwwDQYJKoZIhvcNAQELBQAw
... truncated danpalmer.me certificate
CXzhUG9MBZRsbq2vqQhgnCwlAiF+K/SOj7BF0t7tvE7IUvGYV0I+aQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIQBeTcO5Q4qzuFl8umoZhQ4zANBgkqhkiG9w0BAQwF
... truncated Gandi certificate
xzFfBT02Vf6Dsuimrdfp5gJ0iHRc2jTbkNJtUQoj1iM=
-----END CERTIFICATE-----
@danpalmer
danpalmer / disable_tls11.diff
Created March 23, 2015 17:04
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index 487cc14..7701f2e 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -23,7 +23,7 @@ server {
- ssl_protocols TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
@danpalmer
danpalmer / hsts.diff
Created March 23, 2015 17:40
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index 487cc14..7701f2e 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -23,7 +23,7 @@ server {
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
@danpalmer
danpalmer / ocsp_stapling.diff
Last active August 29, 2015 14:17
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index 487cc14..7701f2e 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -23,7 +23,7 @@ server {
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/certs/ca-certs.pem;
+ resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844];
@danpalmer
danpalmer / dhparam.diff
Created March 23, 2015 22:19
diff --git a/nginx_ssl.conf b/nginx_ssl.conf
index 683549c..03b9696 100644
--- a/nginx_ssl.conf
+++ b/nginx_ssl.conf
@@ -33,6 +33,7 @@ server {
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:2m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
@danpalmer
danpalmer / keybase.md
Created February 14, 2017 17:02

Keybase proof

I hereby claim:

  • I am danpalmer on github.
  • I am danpalmer (https://keybase.io/danpalmer) on keybase.
  • I have a public key whose fingerprint is A22E 9ACE 88B8 3849 E985 22FE 1CBB 0EBE 58F4 24A7

To claim this, I am signing this object:

@danpalmer
danpalmer / fediverse-server-graph.md
Last active January 10, 2023 21:43
Fediverse Server Graph

What is this?

The first ~13,000 server to server relationships from the Fediverse, as mapped starting from me, and branching out.

There exists an edge between servers if someone from one follows someone from the other. This is very limited, don't read too much into it. Note: each edge exists only once, the nodes being ordered alphabetically.