Friday, January 28, 2022

Disabling old TLS in nginx

One of the things we can configure to increase nginx security is disabling old TLS versions. At the moment, TLSv1.3 is the gold standard, and TLSv1 and TLSv1.1 should not be enabled on a production nginx.

To disable TLSv1 and TLSv1.1, open /etc/nginx/nginx.conf, find the ssl_protocols line, and change it to look like this:

ssl_protocols TLSv1.2 TLSv1.3;

Test your configuration for syntax errors:

sudo nginx -t

Then restart nginx to activate the setting:

sudo systemctl restart nginx

To quickly check that nginx no longer supports TLSv1 and TLSv1.1, use the nmap command below:

 nmap --script ssl-enum-ciphers -p 443 www.mytlssite.com

Or, we can use one of the free web-based SSL test tools:

  1. https://www.ssllabs.com/ssltest/
  2. https://www.cdn77.com/tls-test 
  3. https://www.thesslstore.com/ssltools/ssl-checker.php
  4. https://gf.dev/tls-scanner
  5. https://gf.dev/tls-test
  6. https://www.wormly.com/test_ssl
  7. https://www.digicert.com/help/
  8. https://www.sslshopper.com/ssl-checker.html
  9. https://observatory.mozilla.org/
  10. https://tls.imirhil.fr/
  11. https://www.sslchecker.com/sslchecker
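
The checks above probe one site from the outside. As an added example (not part of the original post), the shell function below audits the configuration itself: fed the output of sudo nginx -T, it lists every ssl_protocols directive, including ones in included files, and flags any that enables something other than TLSv1.2 or TLSv1.3. The function names and the sample config (including legacy.conf) are constructed for illustration, and each directive is assumed to sit on a single line.

```bash
# Audit ssl_protocols directives in nginx configuration text read from stdin.
# Typical use:  sudo nginx -T 2>/dev/null | audit_ssl_protocols
# Returns 0 if every directive lists only TLSv1.2/TLSv1.3, 1 if any lists
# something else, 2 if no ssl_protocols directive was found at all.
# Assumption: each directive is written on a single line.
audit_ssl_protocols() {
  awk '
    # "nginx -T" prefixes each file with: # configuration file <path>:
    /^# configuration file / { file = $4; sub(/:$/, "", file); line = 0; next }
    {
      line++
      text = $0
      sub(/#.*/, "", text)                          # drop comments
      if (text !~ /(^|[ \t;{])ssl_protocols[ \t]/) next
      sub(/.*ssl_protocols[ \t]+/, "", text)        # keep the arguments only
      sub(/[ \t]*;.*/, "", text)
      found++
      bad = ""
      n = split(text, proto, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (proto[i] != "TLSv1.2" && proto[i] != "TLSv1.3")
          bad = (bad == "" ? "" : bad ",") proto[i]
      where = (file == "" ? "-" : file) ":" line
      if (bad != "") { weak++; print "WEAK " where " " bad }
      else           {         print "OK   " where " " text }
    }
    END { if (!found) exit 2; exit (weak ? 1 : 0) }
  '
}

# Constructed sample in the layout "nginx -T" prints; legacy.conf is made up.
sample_config() {
  cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    ssl_protocols TLSv1.2 TLSv1.3;
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/legacy.conf:
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# Demo run: the non-zero status is expected because legacy.conf is flagged.
sample_config | audit_ssl_protocols || echo "audit exit status: $?"
```

A status of 2 is worth a look as well: with no ssl_protocols line anywhere, nginx uses its built-in default, which depends on the nginx version.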

 

 

Tuesday, January 25, 2022

Connect to remote desktop on windows from linux

To connect to Windows remote desktop from Linux, there are many tools. But the 2 tools that I used the most are rdesktop and freerdp.


To install rdesktop:
$ sudo apt install rdesktop -y

To use rdesktop to connect to a Windows machine with an IP of 10.10.10.10:
$ rdesktop 10.10.10.10

To specify a username, we can use the -u flag:
$ rdesktop -u administrator 10.10.10.10

Sometimes rdesktop is unable to connect to versions newer than Windows 2012. We can use xfreerdp for that. To install xfreerdp:
$ sudo apt install freerdp2-x11 -y

To use xfreerdp to connect to a Windows server at 10.10.10.10:
$ xfreerdp /v:10.10.10.10

To specify a username, we can use the /u flag:
$ xfreerdp /u:administrator /v:10.10.10.10