Using CloudFlare 1.1.1.1 with TLS

Released in April 2018 by Cloudflare, 1.1.1.1 is a very attractive choice for resolving your DNS queries. It claims to be the fastest, although that depends on your location. It gets top marks for privacy by holding logs for a maximum of 24 hours, and it offers an encrypted link over TLS. Here is how to use the encrypted TLS version of their service (on a Linux box).

Install Unbound

sudo apt-get install unbound

Configure Unbound

cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original
cat > /etc/unbound.conf
server:
  verbosity: 1
  do-tcp: yes
  do-udp:…


Secure SSL configuration for Nginx

Here is a handy snippet for configuring hardened SSL/TLS on Nginx. It receives an A+ rating when tested at Qualys. A later post will discuss the configuration options in detail, what they do, and how SSL works. Just a word of warning: this configuration enables HSTS by default. If enabled, it tells the browser that the site (and its subdomains) must only be accessed over HTTPS.

Nginx configuration

server {
  ###------IPv4 Listen Address
  listen <ipv4address>:443 http2 ssl;
  ###------IPv6 Listen Address
  # listen <ipv6address>:443 http2 ssl ipv6only=on;
  ###------Host name
  server_name <fqdn>;
  ###------Enable…
