Skip to content

Instantly share code, notes, and snippets.

@petarov
Last active April 27, 2017 09:14
Show Gist options
  • Save petarov/128ef3de299582ba2e3e7236262220f2 to your computer and use it in GitHub Desktop.
Save petarov/128ef3de299582ba2e3e7236262220f2 to your computer and use it in GitHub Desktop.
Security and Crypto
#!/bin/bash
# Encrypts input data using AES-CBC-128 without salt
# Key and IV passed as text parameters and converted to OpenSSL Hex formatted inputs.
# Outputs encrypted data as Base64 encoded text.
if [ "$1NULL" = "NULL" ]; then
echo "Usage - $0 [key] [iv] [data]"
exit 1
fi
KEY1=$(xxd -pu -c10000 <<< "$1")
IV1=$(xxd -pu -c10000 <<< "$2")
KEY=${KEY1:0:${#KEY1}-2}
IV=${IV1:0:${#IV1}-2}
echo "INPUT='$3'"
echo "Key='$KEY'"
echo "IV='$IV'"
echo
if [ -e "$3" ]; then
openssl enc -nosalt -p -a -aes-128-cbc -in $3 -K $KEY -iv $IV
else
echo -n $3 | openssl enc -p -nosalt -a -aes-128-cbc -K $KEY -iv $IV
fi

Nginx SSL optimizations

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
 
        ssl_certificate /etc/nginx/cert/bjornjohansen.no.certchain.crt;
        ssl_certificate_key /etc/nginx/cert/bjornjohansen.no.key;
 
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 60m;
 
        ssl_prefer_server_ciphers on;
 
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
 
        ssl_dhparam /etc/nginx/cert/dhparam.pem;
 
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
        resolver 8.8.8.8 8.8.4.4;
 
        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header Strict-Transport-Security "max-age=31536000" always;
 
        # Rest of your regular config goes here:
        # […]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment