Menu
Facebook Hacker Pro 2.8.9 Crack Activator is 100% great working software and can gives more benefits to customer, developer, and designer to remove complexity. After using this Facebook Hacker Pro 2.8.9 Activation Key mostly Facebook users enables to get extra hacking knowledge easily. It has totally main functions. Berkeley Electronic Press Selected Works. The top 0.1 percent is fewer than 200,000 families. The bottom 90 percent? About 110 million households. Warren would put a 2 percent tax on every dollar of net worth above $50 million and a 3. Praise.com Staff. Overcommitment Is a Deadly Sin Jim Burns. Are You a Social Media Bragger? Holding Faith: The Blog I Was Afraid to Write Sarah Nguyen. Love is a Five-Letter Word Sarah Nguyen. Facebook; Instagram; Twitter. 472,263 likes 1,456 talking about this. Be encouraged to live a life of praise through our all-new, free Christian radio station, app, daily devotions, and Bible-based life advice.
… on Ubuntu 18.04 or 20.04
In January 2020, SSL Labs started to downgrade ratings for websites still using TLS 1.0 and TLS 1.1 Protocols. In this tutorial we will:
- Disable TLSv1.0 and TLSv1.1 and enable TLSv1.3,
- Enable HTTP/2 if it still isn’t,
These changes should not affect servers using Let’s Encrypt / Certbot. Please BACKUP your server / websites now!
1. Disable TLS v1.0 and TLS v1.1, enable TLS v1.3
Should you really disable TLS v1.0 and TLS v1.1?
Disabling TLS 1.1 and 1.1 and improving cipher strength will cause problems for a small percentage of your audience: those using deprecated browsers / OS versions. On this example I disabled TLSv1 & v1.1 and removed weak ciphers on a server, resulting in several audience “losses”:
As of November 29, 2019, most of the biggest Websites (Wikipedia, Google, Facebook) still support TLSv1.0 and TLSv1.1 as well as weaker cipher suites – maybe they have good reasons to do so. Twitter has already removed TLS 1.0 and 1.1 support.
If I disable TLS v1.0 and TLS v1.1, should I enable TLS v1.3?
Yes, you should definitely enable TLS v1.3 – even if you keep TLS 1.0 / 1.1. TLS 1.3 is faster than version 1.2, and it is already supported by most mainstream browsers (screenshot taken on November 29, 2019):
Use the following link to check the current browser support of TLS 1.3 on “Can I use”: Can I use TLS 1.3?
Disable TLS 1.0 / 1.1 and enable TLS 1.3
We are going to edit at least two different configuration files:
/etc/nginx/nginx.conf
/etc/nginx/sites-available/example.com
(or/default
)
If you use Certbot / Let’s Encrypt, we may also edit this third configuration file:
/etc/letsencrypt/options-ssl-nginx.conf
Step 1: edit nginx.conf
First, backup the
nginx.conf
configuration file:sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.backup-tls
Then edit this configuration file, for example with Nano:
sudo nano /etc/nginx/nginx.conf
Praise V1 0 1 – Facebook And Twitter Share Prices
Look for the following line within a
http { }
block. This line may (or may not) be commented after a hash as follows:ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
Simply remove
TLSv1 TLSv1.1
from the line. Add TLSv1.3
, the line now should look like this:ssl_protocols TLSv1.2 TLSv1.3;
Save the file by typing Ctrl + O, then ⏎ Enter and finally Ctrl + X to exit.
Check if the Nginx configuration is valid:
nginx -t
Reload Nginx:
sudo service nginx reload
![Praise v1 0 1 – facebook and twitter shares Praise v1 0 1 – facebook and twitter shares](https://nnimgt-a.akamaihd.net/transform/v1/crop/frm/storypad-Pf2a2ZrjD2kgJdz2Zrw2X9/e83fa5bc-c11a-4ff1-bb3d-49ec9d52dbec.JPG/r0_0_4896_3014_w1200_h678_fmax.jpg)
As a last step, check if TLS 1.0 and 1.1 are effectively disabled on your host, for example using the SSL Labs server testing service. Step 1 may already be sufficient in some configurations.
What if TLS 1.0 and 1.1 are still NOT disabled?
Go on with step 2.
Step 2: edit the server block configuration file
Old SSL protocols may still be active in the server block configuration. Find your server configuration file:
cd /etc/nginx/sites-available/
ls -l
Edit the server block configuration, for example:
OR
sudo nano /etc/nginx/sites-available/default
OR
sudo nano /etc/nginx/sites-available/example.com
Again, look for the following line:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Remove the protocols marked in red, add
TLSv1.3
to get the following line:ssl_protocols TLSv1.2 TLSv1.3;
Mame 0 163 roms download free. Save the file and exit nano ( Ctrl + O , ⏎ Enter , Ctrl + X ), test the configuration, reload Nginx, and test your Website.
nginx -t
sudo service nginx reload
What if you can’t find the ssl_protocols
line in this file?
Go on with step 3.
Step 3: edit options-ssl-nginx.conf
If you use Certbot to generate or renew Let’s Encrypt certificates, you probably won’t find the
ssl_protocols
line, but the following “include” command:include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
Exit nano without saving ( Ctrl + X ) and edit the Let’s Encrypt shared SSL settings:
sudo nano /etc/letsencrypt/options-ssl-nginx.conf
This configuration file is short:
Again, remove
TLSv1 and TLSv1.1
in the following line and add TLSv1.3
:ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
The line should look like this:
ssl_protocols TLSv1.2 TLSv1.3;
Test the configuration, reload Nginx and test your Website.
nginx -t
sudo service nginx reload
Did these changes affect Certbot / Let’s Encrypt certifications renewals?
Check if renewal works using:
sudo certbot renew --dry-run
However, this check may be insufficient in our case. Please BACKUP your website before forcing a cert renewal:
certbot renew --force-renewal
In my experience, there were no problems with Certbot after making TLS version changes.
2. Enable HTTP/2 in Nginx
This part is really easy. First check your Nginx version:
nginx -v
To run HTTP/2, you must use Nginx version 1.9.5 or later – which should be no problem on Ubuntu 18.04 and later releases. You websites should also use SSL/TLS encryption.
Edit the server block configuration, for example:
sudo nano /etc/nginx/sites-available/default
OR
sudo nano /etc/nginx/sites-available/example.com
Look for the following lines within the
server { }
block:If you use Certbot, these lines will probably be at the end of the file and look like this:
Simply add
http2
after 443 ssl
on both lines. In the second example (Certbot), it should now like like this:Save the file and exit nano ( Ctrl + O , ⏎ Enter , Ctrl + X ), test the Nginx configuration and reload Nginx:
nginx -t
sudo service nginx reload
Test if HTTP/2 is active
To test if HTTP/2 has been successfully enabled, you for example use KeyCDN’s (free) online tool:
KeyCDN HTTP/2 Test Tool
KeyCDN HTTP/2 Test Tool
By the way, HTTP/3 is coming soon: it is currently being implemented in Nginx 1.17 and making its way to Chrome, Firefox and Cloudflare.
3. Improve Nginx security
This part of the tutorial assumes you use Let’s Encrypt with Certbot.
3.1. Edit the Let’s Encrypt shared SSL settings (options-ssl-nginx.conf)
Open the Let’s Encrypt shared SSL settings file:
sudo nano /etc/letsencrypt/options-ssl-nginx.conf
Improve SSL session cache, disable SSL session tickets
SSL shared session cache is already active in the default Certbot configuration. Modify the SSL session cache to increase cache and reduce timeout:
ssl_session_cache shared:le_nginx_SSL:40m; # holds approx 40 x 4000 sessions
ssl_session_timeout 2h;
ssl_session_tickets off;
![Praise v1 0 1 – facebook and twitter shares Praise v1 0 1 – facebook and twitter shares](https://nnimgt-a.akamaihd.net/transform/v1/crop/frm/KZaNUykJELxpFbHEVQHkBW/e9a29e09-cf21-45a4-87c1-d43f4f27c61f.jpg/r0_0_798_1199_w1200_h678_fmax.jpg)
Use a stronger cipher suite
Replace the default cipher suite in the Let’s Encrypt shared SSL settings. Even the “Old” cipher suite in Mozilla’s SSL Configuration Generator is stronger than Let’s Encrypt default cipher list. Mozilla’s “Intermediate” list for TLS v1.2 could be a good choice:
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
3.2. Edit the server block configuration
Edit the server block configuration, for example:
sudo nano /etc/nginx/sites-available/default
OR
sudo nano /etc/nginx/sites-available/example.com
(Give up) OCSP stapling
Update! OCSP stapling seems to be useless:
SSL certificate revocation and how it is broken in practice
SSL certificate revocation and how it is broken in practice
Mozilla’s Web Security Cheat Sheet doesn’t even mention OCSP stapling anymore:
Web Security Cheat Sheet
Web Security Cheat Sheet
Websites like Twitter, Facebook and Google don’t use OCSP stapling (but Wikipedia does).
If you still want to use OCSP stapling, edit the server block configuration, for example:
sudo nano /etc/nginx/sites-available/example.com
Adapt and add the following lines:
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
HTTP Strict Transport Security (HSTS)
Inside the
server {}
block, add the following lines:# HSTS (63072000 seconds = 2 years)
add_header Strict-Transport-Security 'max-age=63072000; includeSubdomains;' always;
Pdfoutliner 1 4 download free. or for one year:
# HSTS (31536000 seconds = 1 year)
add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains;' always;
Be careful with HSTS preloading!
“Be aware that once you set the STS header or submit your domains to the HSTS preload list, it is impossible to remove it. It’s a one‑way decision to make your domains available over HTTPS.” Read more at:
Activating HSTS preloading should be considered thoroughly. In this guide we chose not to use HSTS preloading.
X-Content-Type-Options and X-Frame-Options
Add the following lines to the
server {}
block:add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection '1; mode=block';
Praise V1 0 1 – Facebook And Twitter Share Price
Useful SSL resources:
- Mozilla’s SSL Configuration Generator: a fantastic tool to generate Nginx (and Apache) SSL configurations. Follow this link for an example with Nginx Stable 1.16, OpenSSL 1.1.1 and only TLSv1.2 and TLSv1.3.
By Johannes Eva, November 2019 – June 2020
Related Posts:
- Twenty Fifteen WP theme: the right way to remove… If you're trying to remove the post dates and author in Wordpress Twenty Fifteen theme, you…
- Wordpress: remove links to images Wordpress default settings are somewhat awkward: if you insert an image (or any picture or media)…
- Vantage Wordpress Theme – Remove the footer If you run the Vantage theme on Wordpress, you'll notice the 'A SiteOrigin Theme' footer. If…
- The Fairphone 2, Free Software and alternative… The Fairphone 2 is made by a certified B-Corporation based in Amsterdam, The Netherlands. The Fairphone…