diff --git a/domains/misc/badssl.com/dashboard/sets.js b/domains/misc/badssl.com/dashboard/sets.js index 1830574..d942319 100644 --- a/domains/misc/badssl.com/dashboard/sets.js +++ b/domains/misc/badssl.com/dashboard/sets.js @@ -37,6 +37,7 @@ var sets = [ {subdomain: "dh512"}, {subdomain: "dh1024"}, {subdomain: "null"} + {subdomain: "md5-server-signature"}, ] }, { @@ -50,6 +51,7 @@ var sets = [ {subdomain: "cbc"}, {subdomain: "3des"}, {subdomain: "dh2048"} + {subdomain: "sha1-server-signature"}, ] }, { diff --git a/domains/misc/badssl.com/index.html b/domains/misc/badssl.com/index.html index c59403d..4fee6e1 100644 --- a/domains/misc/badssl.com/index.html +++ b/domains/misc/badssl.com/index.html @@ -110,6 +110,11 @@

🔑Key Exchange

static-rsa +
+

✒️Server Signature

+ md5-server-signature + sha1-server-signature +

↔️Protocol

tls-v1-0 diff --git a/domains/server-signature/md5.conf b/domains/server-signature/md5.conf new file mode 100644 index 0000000..c55011a --- /dev/null +++ b/domains/server-signature/md5.conf @@ -0,0 +1,19 @@ +--- +--- +server { + listen 80; + server_name md5-server-signature.{{ site.domain }}; + + return 301 https://$server_name$request_uri; +} + +server { + listen 443; + server_name md5-server-signature.{{ site.domain }}; + + include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; + include {{ site.serving-path }}/nginx-includes/tls-md5-signature.conf; + include {{ site.serving-path }}/common/common.conf; + + root {{ site.serving-path }}/domains/server-signature/md5; +} diff --git a/domains/server-signature/md5/index.html b/domains/server-signature/md5/index.html new file mode 100644 index 0000000..8f99dee --- /dev/null +++ b/domains/server-signature/md5/index.html @@ -0,0 +1,12 @@ +--- +subdomain: md5-server-signature +layout: page +favicon: red +background: red +--- + +
+

+ {{ page.subdomain }}.{{ site.domain }} +

+
diff --git a/domains/server-signature/sha1.conf b/domains/server-signature/sha1.conf new file mode 100644 index 0000000..87afdef --- /dev/null +++ b/domains/server-signature/sha1.conf @@ -0,0 +1,19 @@ +--- +--- +server { + listen 80; + server_name sha1-server-signature.{{ site.domain }}; + + return 301 https://$server_name$request_uri; +} + +server { + listen 443; + server_name sha1-server-signature.{{ site.domain }}; + + include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; + include {{ site.serving-path }}/nginx-includes/tls-sha1-signature.conf; + include {{ site.serving-path }}/common/common.conf; + + root {{ site.serving-path }}/domains/server-signature/sha1; +} diff --git a/domains/server-signature/sha1/index.html b/domains/server-signature/sha1/index.html new file mode 100644 index 0000000..5ed22bf --- /dev/null +++ b/domains/server-signature/sha1/index.html @@ -0,0 +1,12 @@ +--- +subdomain: sha1-server-signature +layout: page +favicon: red +background: red +--- + +
+

+ {{ page.subdomain }}.{{ site.domain }} +

+
diff --git a/nginx-includes/tls-md5-signature.conf b/nginx-includes/tls-md5-signature.conf new file mode 100644 index 0000000..068c584 --- /dev/null +++ b/nginx-includes/tls-md5-signature.conf @@ -0,0 +1,10 @@ +--- +--- + +ssl_session_timeout 5m; + +# Limit to TLS 1.2 and ECDHE-based cipher suites, where MD5 server signatures may apply. +ssl_protocols TLSv1.2; +ssl_ciphers 'ECDSA+AESGCM:ECDHE:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK'; +ssl_prefer_server_ciphers on; +ssl_conf_command SignatureAlgorithms RSA+MD5; diff --git a/nginx-includes/tls-sha1-signature.conf b/nginx-includes/tls-sha1-signature.conf new file mode 100644 index 0000000..2b11572 --- /dev/null +++ b/nginx-includes/tls-sha1-signature.conf @@ -0,0 +1,10 @@ +--- +--- + +ssl_session_timeout 5m; + +# Limit to TLS 1.2 and ECDHE-based cipher suites, where SHA-1 server signatures may apply. +ssl_protocols TLSv1.2; +ssl_ciphers 'ECDSA+AESGCM:ECDHE:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK'; +ssl_prefer_server_ciphers on; +ssl_conf_command SignatureAlgorithms RSA+SHA1;