Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Configurable Security Headers and Cyphers

  • 0
  • Self Hosted
View on Discord
jordorama
25 Oct, 2023, 20:39

Im looking for a way to increase the Strict-Transport-Security time from the default of 126 days to something higher. There are other security headers I would like to add as well.

TypeScript
Content-Security-Policy
• X-Frame-Options
• X-XSS-Protection (or use Content-Security-Policy)
Referrer-Policy
Permissions-Policy
• X-Permitted-Cross-Domain-Policies
Cache-Control
Pragma (?)

I'm also curious if we can remove weak cyphers such as

TypeScript
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK    128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK    256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK    128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK    256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK    128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK
TL;DR
User wants to increase the Strict-Transport-Security time and add other security headers. They also want to remove weak ciphers.
Tessa
25 Oct, 2023, 20:41

/cc @Jake

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more