1- hmm? why A rate should be ok? A+ is the target that you should aim for.
Nevertheless, remove weak/stupid TLS ciphers in TLS 1.2 (e.g check
grapheneos.org in ssllab/hardenizer to see which ciphers are the
secure/recommended one to keep)
2- "While I prefer DNSSEC on my domains, I see nothing wrong with
guix.gnu.org"
Sorta contradictory, still (arguably) essential to have.
*-*-*-*
Extra fruit: in Whonix/Kicksecure and Danwin websites (i know) they
changed the certificate signature from SHA256withRSA (RSA 2048 bits) to
SHA384withECDSA (EC 384 bits) which is faster and more secure.
e.g: https://www.hardenize.com/report/whonix.org/1685550053#www_certs
This is just easy request to be made from letsencrypt and they will
issue new one for you.
Thank You!
Felix Lechner:
On Sun, May 21, 2023 at 7:21 PM Felix Lechner
<felix.lech...@lease-up.com> wrote:
For details,
please consult the attached PDF document.
Whoops, here is the missing attachment.
