Feb 15, 2022 | 3 min read

How we optimised an SSL overall rating from B to A+


With Skillbrowser you can browse, confirm and rate the skills of IT suppliers as well as connect with new customers. The product owner recently needed to switch vendors and we are pleased that he trusted us with the ongoing support & maintenance.

One day we received a really odd support ticket: some people were facing an issue with SSL and were not able to open the site at all. It seemed that for some clients the SSL certificate was not valid, so we decided to do an SSL audit using the SSL Labs test tool. The results were not good at all: grade B with several warnings.

Skillbrowser Overall rating before our SSL optimization - B

Our DevOps team immediately came up with a six-step plan to boost the SSL rating.

  • Leave only TLS 1.2 and TLS 1.3

    TLS 1.0 and 1.1 were deprecated in 2020, so they had to be disabled.

  • Fix the incomplete certificate chain warning

    The certificate from the Certificate Authority was not found in the built-in trust list, so some visitors were seeing an “incomplete chain” error. We obtained the necessary intermediate certificates and added them to the configuration, which resolved the issue.

  • Fix the Forward Secrecy warning

    This one was easy: we just needed to configure the Apache server for Forward Secrecy, which removes the link between the server’s private key and each session key and prevents attackers from using the private key to decrypt any archived sessions.

  • Fix certificate path in docker infrastructure

    This step was specific to the existing Docker infrastructure of the project. Our change removed a manual step that previously had to be executed after each deployment.

  • Add DH parameters

    The default key size in OpenSSL is 1024 bits, which seems breakable with the computing power of a nation-state, so we generated DH parameters with OpenSSL, making the key 4096 bits.

  • Additional optimisations
    • Added the Strict-Transport-Security response header, which informs browsers that the site should only be accessed using HTTPS.
    • Adjusted some of the existing ssl_sessions settings.
    • Set up ssl_ciphers properly for TLS 1.2 and TLS 1.3.
    • Added the X-Content-Type-Options and X-XSS-Protection headers. The first prevents MIME type sniffing, while the second stops pages from loading when a reflected cross-site scripting (XSS) attack is detected.
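To keep these settings from regressing after later deployments, the plan can be turned into an automated check. The following is an added example, not the configuration or tooling used on the project: a small linter that assumes nginx-style directives (`ssl_protocols`, `ssl_ciphers`, `ssl_dhparam`, `add_header`) and runs over two constructed sample configs. It covers the protocol, Forward Secrecy, DH parameter and header steps; the certificate chain still has to be verified against the live endpoint.

```python
# Constructed sample configs for illustration (not the project's real files).
WEAK = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers DHE-RSA-AES256-SHA:AES256-SHA;
"""
HARDENED = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_dhparam /etc/ssl/example/dhparam.pem;  # hypothetical path
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Content-Type-Options "nosniff" always;
"""

def directives(text):
    """Map directive name -> list of argument strings, ignoring comments."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";")
        if line:
            name, _, args = line.partition(" ")
            out.setdefault(name, []).append(args.strip())
    return out

def audit(text):
    """Return a list of finding ids for the hardening steps a config misses."""
    d, findings = directives(text), []
    protos = set(" ".join(d.get("ssl_protocols", [])).split())
    # A missing directive is flagged too: the default depends on server version.
    if not protos or protos - {"TLSv1.2", "TLSv1.3"}:
        findings.append("legacy-protocols")
    ciphers = [c for c in ":".join(d.get("ssl_ciphers", [])).split(":") if c]
    # Strict allowlist: every listed suite must use an ephemeral key exchange.
    if not ciphers or not all(c.startswith(("ECDHE", "DHE")) for c in ciphers):
        findings.append("no-forward-secrecy")
    # DHE suites should be paired with explicitly generated DH parameters.
    if any(c.startswith("DHE") for c in ciphers) and "ssl_dhparam" not in d:
        findings.append("missing-dhparam")
    headers = {a.split()[0].lower() for a in d.get("add_header", []) if a.split()}
    for h in ("strict-transport-security", "x-content-type-options"):
        if h not in headers:
            findings.append("missing-" + h)
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

For an Apache configuration the same checks would apply to `SSLProtocol`, `SSLCipherSuite` and `Header` lines instead.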

After implementing our plan we came up with a grade A+ result without any warnings. Not bad at all!

Skillbrowser Overall rating after our successful SSL optimization - A+

Another measurable exceptional result from our work!
