I'm surprised that in my many years of using HFS I hadn't seen this thread. I personally already use STunnel with a CA provided SSL certificate to secure my server. I don't know if you have cipher settings set in STunnel but if you want to increase security (by disallowing less secure methods) I would suggest adding the following line to your stunnel.conf:
That will also make Google Chrome stop telling you that the connection is encrypted using obsolete cryptography.
Code: [Select]
; Set Specific Ciphers
ciphers = ECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:!NULL:!eNULL:!aNULL:!DSS:!RC4:!DES:!3DES:-MEDIUM:-LOW
That will also make Google Chrome stop telling you that the connection is encrypted using obsolete cryptography.
Logged