Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
Hi thanks for the suggestions, we'll do the homework, fix and report back
Give us a couple of days.