Fix Common SSL/TLS Problems in Apache2

Qualys SSL Labs has some great tools to check your server’s SSL/TLS installation to make sure they don’t fall victim to common vulnerabilities or exploits that seem to be discovered every month. If you’re running an Apache2 installation, securing your server against most SSL/TLS vulnerabilities is as easy as enabling the headers Apache module, and then a few lines to your SSL configuration.

First, enable the headers module so Apache2 can modify headers sent to the client:

pengc99@alpha:~$ sudo a2enmod headers
Enabling module headers.
To activate the new configuration, you need to run:
 service apache2 restart
pengc99@alpha:~$

Then add the following lines to your SSL configuration:

# Make the server secure
 SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!DH

Restart your server:

pengc99@alpha:~$ sudo /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
pengc99@alpha:~$

That’s it! Now go run the test at https://www.ssllabs.com/ssltest/ and marvel at your server’s newfound security!

ssl

Continue Reading

Update your Nexus 5 to 5.1.1 Without Losing Data

Android Lollipop 5.1.1 was recently released for the Nexus 5 as a maintenance update to the latest OTA update of 5.1.0 to fix numerous issues, such as an intermittent non-response camera and excessive memory usage leading to crashing applications.

If you have a rooted phone or a phone with a custom recovery, you may find that the OTA update doesn’t work on your phone – this is because the update process now checksums and verifies partitions such as recovery before performing the update. If the partitions don’t match the expected stock ROM, the update process will terminate. Having a rooted phone (with the su binaries), modified radio, modified recovery, or custom ROM may all contribute to an update failing and bombing out.

Continue Reading

Texas Front License Plate Laws

Let me preface this with the fact that I am not a lawyer, nor should anything in this post be taken as legal advice. Use the information provided here at your own risk.

In researching the front license plate law I found a lot of conflicting information on the requirements of how and where the front license plate can be put on a car that is registered in Texas. I spent a few minutes digging around the Internet looking at credible sources of information (such as published Texas laws and statues from the Texas state legislature.

Continue Reading

Subaru Spherical Bushing Retrofit on 2008-2010 STi

From 2008 to 2010, Subaru used a rubber bushing for the front control arm rear on the STi (and probably other models based on the same suspension setup like the WRX and Impreza). The benefit of rubber in the bushing is a soft compliant feel with very low NVH. However, due to the design of the bushing and the extreme angles that the control arm has to articulate – the bushings quickly deteriorate.

This was solved in the 2011 model year STi – Subaru moved to a spherical bushing for the front control arm rear. This part is easily retrofitted to 2008 to 2010 STi models with the following part numbers:

  • 2x 901000377 – BOLT FLG 14
  • 1x 20202FG042 – ARM ASSY F ALUMI RH
  • 1x 20202FG052 – ARM ASSY F ALUMI LH

Everything is a bolt-on affair and the control arms also include a new ball joint.

There is a slight increase in NVH, but the spherical bearing lasts much longer and provides much more precise control than the old style rubber bushings.

Continue Reading