Using a more modern SSL Configuration?

ssl
installation
apache

#1

https://mozilla.github.io/server-side-tls/ssl-config-generator/

Will there be any issues if I use a modern configuration for SSL with HSTS enabled?

I know using a Modern configuration (as per the SSL Generator in the above link) often has problems with older browser/OS/etc. So I am not sure if this is going to cause issues if I use it for my seedbox SSL configuration.

My initial thought is that it will. I read in another post or wiki that HSTS is to be turned off when used with Cloudflare. I am not using CF in my setup (I set up an A record to point a subdomain to the server). And maybe other clients might have issues connecting with me with a stricter SSL setup?

Has anyone else had any experience with this?


#2

Hey there @whiteazn, technically there should be no issues with strict transport being enabled. Enabling SSL will not interfere with peer connections as it is only encrypting connections to the web-based end of things, i.e., HTTP connections.

Since we do encourage that everyone get a top level domain (or contact us for use on our DNS with a custom subdomain) and set up Let’s Encrypt, HSTS does nothing more than ensure that all connections are strictly HTTPS. Since @liara has converted many of our supported applications to make use of a forward proxy rather than exposed ports, strict transport will have no ill effects.


#3

Ok, thank you. I was mainly worried about other torrent peers not being able to connect to me (I am not too familiar with how the torrent protocol works). I wasn’t too sure if how I set up SSL in Apache affects torrenting itself.

I got Let’s Encrypt running. Now to just figure out some other minor things and then I’ll be up and running.