Improving security of web services

From: Lasse Brandt <lab_at_dk-hostmaster.dk>
Date: Wed, 22 Jun 2016 10:32:27 +0000

Hi,

We are currently in the process of upgrading and further securing most of our web-based services. We don’t expect any downtime with these changes, nor is there any change in functionality. These changes are related specifically to our TLS configuration for HTTPS (technical information below). The plan of changes is:

22. June 2016 (today):
* Upgrading sandbox DAS service on: https://das-sandbox.dk-hostmaster.dk

23. June 2016:
* Upgrading sandbox DSU service on: https://dsu-sandbox.dk-hostmaster.dk
* Upgrading sandbox Preact service on: https://preact-sandbox.dk-hostmaster.dk

27. June 2016:
* Upgrading https://brugervalidering.dk-hostmaster.dk
* Upgrading https://stats.dk-hostmaster.dk
* Upgrading https://dsu-preprod.dk-hostmaster.dk
* Upgrading https://preact-preprod.dk-hostmaster.dk

28. June 2016:
* Upgrading https://eboks.dk-hostmaster.dk
* Upgrading https://preact.dk-hostmaster.dk
* Upgrading https://dsu.dk-hostmaster.dk

29. June 2016:
* Upgrading https://liste.dk-hostmaster.dk

The technical changes for this upgrade are:

* We disable support for TLSv1.0 and v1.1 and only support TLSv1.2 onwards.
* Enabling SSL stapling
* Accepted cipher list is shortened a bit; valid ciphers are built with the help of https://mozilla.github.io/server-side-tls/ssl-config-generator/
* HSTS is already enabled, but changed from 1 year to 6 months

Finally, we are changing our certificate provider to Let's Encrypt for automation reasons.

If you experience any problems or have questions about this, please contact us at: tech_at_dk-hostmaster.dk

--
Best Regards
Lasse Brandt
Network and System Administrator

DK Hostmaster A/S
Kalvebod Brygge 45, 3. sal
1560 København V

Tel. 33 64 60 60
Fax.: 33 64 60 66
Email: lab_at_dk-hostmaster.dk
Homepage: https://www.dk-hostmaster.dk

.dk Denmark's place on the Internet


Received on Wed Jun 22 2016 - 12:32:27 CEST
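
A client-side readiness check for the changes announced above, added here as an example and not code from DK Hostmaster: it builds a client context with the same TLS 1.2 floor and parses the HSTS policy a server returns. The function names, the sample response and the encoding of "6 months" as 15768000 seconds are assumptions; `probe()` takes the hostname of a service you are a client of.

```python
import socket
import ssl

HALF_YEAR = 31536000 // 2  # assumed encoding of "6 months" in seconds

def strict_client_context():
    """Client context with the same TLS 1.2 floor the servers will enforce."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("HSTS header without max-age")
    return max_age, include_sub

def hsts_from_response(raw):
    """Pull the HSTS policy out of raw HTTP response bytes, or None if absent."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            return parse_hsts(value)
    return None

def probe(host, port=443, timeout=10):
    """Handshake with the TLS 1.2 floor; return (protocol, cipher, HSTS policy)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with strict_client_context().wrap_socket(sock, server_hostname=host) as tls:
            proto, cipher = tls.version(), tls.cipher()[0]
            req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(req.encode("ascii"))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                raw += chunk
    return proto, cipher, hsts_from_response(raw)

# Constructed sample response, not captured from any real server.
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: example\r\n"
          b"Strict-Transport-Security: max-age=15768000; includeSubDomains\r\n\r\n")

if __name__ == "__main__":
    print("local TLS 1.2 support:", ssl.HAS_TLSv1_2, ssl.OPENSSL_VERSION)
    print("sample HSTS policy:", hsts_from_response(SAMPLE))
```

A handshake failure raised by `probe()` means the local TLS stack cannot meet the TLS 1.2 floor or could not validate the server certificate; the exception message says which.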
