Share this article:

Blog

Feb 15, 20223 min read

How we optimised an SSL overall rating from B to A+

CEO

With Skillbrowser you can browse, confirm and rate the skills of IT suppliers as well as connect with new customers. The product owner recently needed to switch vendors and we are pleased that he trusted us with the ongoing support & maintenance.

One day we received a really odd support ticket that some people were facing an issue with SSL and are not able to open the site at all. It seemed that for some clients the SSL Certificate was not valid so we decided to do a SSL audit using the SSL Labs test tool and the results were not good at all - grade B with several warnings in place.

Skillbrowser Overall rating before our SSL optimization - B

Our DevOps team immediately came up with a six steps plan to be executed in order to boost the SSL rating.

Leave only TLS 1.2 and TLS 1.3
TLS 1.0 and 1.1 were deprecated in 2020 so they needed to step back.
Fix the incomplete certificate chain warning
Certificate from the Certificate Authorities was not found in the built-in trust list so some visitors were seeing an “incomplete chain” error. We obtained the necessary intermediate certificates and added them to the configuration and this issue was gone.
Fix the Forward Secrecy warning
This one was easy we just needed to configure the Apache server for Forward Secrecy removing the link between server’s private key and each session key and disabling attackers from using the private key to decrypt any of the archived sessions.
Fix certificate path in docker infrastructure
This step was specific to the existing docker infrastructure of the project. After our change, one manual step needed to be executed after each deployment was removed.
Add DH parameters
The default key size in OpenSSL is 1024 bits, which seems breakable with the computing power of a nation-state so we generated DH parameters with OpenSSL making the key 4096 bits now.
Additional optimisations
- Added the Strict-Transport-Security response header that informs browsers that the site should only be accessed using HTTPS.
- Adjusted some of the present ssl_sessions settings.
- Done proper setup of ssl_ciphers for TLS1.2, TLS1.3.
- Added the X-Content-Type-Options and X-XSS-Protection header. The first one allows you to avoid MIME type sniffing while the second one stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

After implementing our plan we came up with a grade A+ result without any warnings. Not bad at all!

Skillbrowse Overall rating after our successful SSL optimization - A+

Another measurable exceptional result from our work!

SUBSCRIBE TO OUR NEWSLETTER

Share this article:

SUBSCRIBE TO OUR NEWSLETTER

Related Blog Articles

Blog

Building a high-performing Agile team: Our proven approach

Discover how we build high-performing Agile teams by defining clear roles, fostering collaboration, and using flexible tools.

Written by Svetoslava Angelova

Aug 27, 20248 min read

Blog

Drupal 11: What to expect? Comprehensive guide to new features and enhancements

Drupal 11 is out! In this article, discover it's exciting features and improvements. Upgrade now to redefine your digital strategy with Bulcode's expert support.

Written by Svetoslava Angelova

Aug 05, 20247 min read

Blog

Single Directory Components in Drupal core: A comprehensive overview

Explore how Single Directory Components (SDC) in Drupal Core streamline the development process by encapsulating component-related files into a single directory. Learn about the benefits of SDCs and follow a step-by-step guide to implement them in your Drupal projects.

Written by Nikolay Tsekov

Aug 07, 20244 min read

Blog

Drupal 9 convert image to WebP format

WebP is able to take data compression to a new level thanks to the inclusion of a prediction mode to the JPG process, making it clear to see how it can outperform its JPG-based relative. And we have the results to prove it.

Written by Vasil Boychev

Apr 06, 20228 min read

Blog

React overview - Definition, SPA, Components, Hooks

React is a free and open-source front-end JavaScript framework for creating user interfaces based on UI components. It is also known as React.js or ReactJS.

Written by Mihail Shahov

May 13, 20226 min read

Blog

What is Agile and why we use it?

Agile is a time-boxed, iterative method to software delivery that aims to provide software gradually throughout the project rather than all at once near the end.

Written by Svetoslava Angelova

Sep 15, 20225 min read

Blog

NVM vs NPM vs Yarn

Compared to the three technologies, NVM differs from the other two. Node Version Manager (NVM) is used to manage Node.js versions. NPM and Yarn are Node.js package managers. They allow downloading, installing, and managing packages when developing in JavaScript.

Written by Ventsislav Venkov

Sep 15, 20225 min read

Blog

Which IT engagement model is right for you?

Fixed price, time and materials, or dedicated teams? Consider carefully all the pros and cons of the engagement model for your project.

Written by Svetoslava Angelova

Sep 26, 202210 min read

Blog

Varna and Burgas airports' websites use React components in Drupal

Drupal is a modular system whose functions can be adapted to many different requirements, which is particularly important for public administration projects.

Written by Mihail Shahov

Nov 04, 20224 min read

Blog

Laravel Mix - a simple and powerful wrapper around Webpack

Laravel Mix provides a fluent API for defining webpack build steps for your Laravel application using several common CSS and JavaScript pre-processors.

Written by Stefani Tashkova

Nov 15, 20224 min read

Blog

What is Scrum?

Scrum is a part of the Agile methodology. It is the most popular framework for agile development, and it is a simple process framework.

Written by Svetoslava Angelova

Nov 20, 20224 min read

Blog

Roles in Scrum

Scrum roles and how you can fold them into your organisation.

Written by Svetoslava Angelova

Nov 21, 20224 min read

GET IN TOUCH

Have a project you'd like to launch?