Vixrapedia:Security

From Vixrapedia
Jump to navigation Jump to search

This page details the security settings used by Vixrapedia.

SSL/TLS

All Vixrapedia web pages are served only via HTTPS: all information transmitted to and from Vixrapedia is always encrypted.

Vixrapedia enables HTTP Strict Transport Security (HSTS), and so compliant browsers (including Chrome, Firefox, Opera, Safari, IE 11 and Edge) should never send unencrypted requests. We are also on the preload list, so all communication to vixrapedia, at least by browsers that use the preload list (including Chrome, Firefox, Opera, Safari, IE 11 and Edge), cannot be hijacked. See: https://hstspreload.org.

Vixrapedia uses Let's Encrypt for its SSL certificates. The cipher suites currently accepted are:

TLS 1.3

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256

TLS 1.2

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Only TLS versions 1.2 and 1.3 are supported, and all the cipher suites listed support perfect forward secrecy.

Vulnerability Report

Qualys SSL Labs