All articles tagged as:


Farewell to HPKP, hello to DNS-01 and ECDSA

A few months back I switched on HTTP public key pinning, a security scheme designed to make it more difficult for attackers to do nefarious things with the BigDino web server. HPKP is difficult to implement and comes with a long list of configuration pitfalls—and, as of today, I'm done with it.…

Read some more »

Grieving over the death of StartSSL

What was once the web's best source for free SSL certificates is dead, killed by shitty unethical behavior by a shitty company called WoSign. So thanks, WoSign—thanks for wrecking StartCom and StartSSL. You destroyed something wonderful and useful to millions of people. Hope it was worth it, dicks.…

Read some more »

WordPress, Varnish, Jetpack, and SSL/HSTS

If you're self-hosting WordPress on the HAProxy + Varnish + Nginx stack we've long talked about here at BigDino, you might have run into a few configuration quirks during set-up that went outside the scope of our blog entries a bit. One of those quirks is getting WordPress working with Jetpack.…

Read some more »