Jurnal Infra

Exploitation of a web server is a form of behavior of someone who takes advantage of a software vulnerability or security weakness. Exploitation of the web server can be in the form of Zombie Poodle, Golden Doodle, Poodle, and others. In addition, there are also man-in-the-middle-attacks such as protocol downgrade attacks and cookie hijacking. Therefore, this study aims to examine a web server based on SSL configuration and provide suggestions for a better and more secure SSL configuration.

Testing in this study uses a program called SSLyze and this research produces a detailed report that can help to configure SSL on the Apache web server and Nginx web server properly and correctly in order to prevent further attacks. In addition to increasing security on the web server , using the right SSL configuration can make web server performance become optimal.

The test results show that implementing the tested SSL configuration has a good level of security so that it can prevent security problems on the web server and can make web server performance become more optimal and efficient.

Ahmed Ansari, J. and Najera-Gutierrez, G. Web Penetration Testing with Kali Linux - Third Edition | Packt. Packt, 2018. https://www.packtpub.com/product/web-penetration-testing-with-kali-linux-third-edition/9781788623377.

Ali, A. Comparison and Evaluation of Digital Signature Schemes Employed in NDN Network. International Journal of Embedded Systems and Applications 5, 2 (2015), 15-29.

Brehm, T. How to protect your Debian or Ubuntu Server against the Logjam attack. HowtoForge. https://www.howtoforge.com/tutorial/how-to-protect-your-debian-and-ubuntu-server-against-the-logjam-attack/.

Coders Conquer Security: Share & Learn Series - Padding Oracle. Securecodewarrior.com, 2019. https://www.securecodewarrior.com/blog/coders-conquer-security-share-learn-series-padding-oracle.

Crane, C. Everything You Need to Know About OCSP, OCSP Stapling & OCSP Must-Staple - Hashed Out by The SSL Store™. Hashed Out by The SSL Store™, 2020. https://www.thesslstore.com/blog/ocsp-ocsp-stapling-ocsp-must-staple/.

Greenberg, A. Hacker Lexicon: What Is Perfect Forward Secrecy?. Wired, 2016. https://www.wired.com/2016/11/what-is-perfect-forward-secrecy/.

Hagenlocher, P. Performance of Message Authentication Codes for Secure Ethernet. net.in.tum.de, 2018. https://www.net.in.tum.de/fileadmin/TUM/NET/NET-2018-11-1/NET-2018-11-1_04.pdf.

Kaduk, B. and Short, M. Deprecate 3DES and RC4 in Kerberos. Tools.ietf.org, 2017. https://tools.ietf.org/id/draft-ietf-curdle-des-des-des-die-die-die-01.html.

Kumar, R. 12 security headers you should use to prevent Vulnerabilities. Rajesh Kumar, 2019. https://www.rsupernova.com/12-security-headers-you-should-use-to-prevent-vulnerabilities/.

Moriarty, K. and Farell, S. Deprecating TLSv1.0 and TLSv1.1. Tools.ietf.org, 2020. https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.html.

Nohe, P. TLS 1.3 Update: Everything you need to know. Hashed Out by The SSL Store™, 2019. https://www.thesslstore.com/blog/tls-1-3-everything-possibly-needed-know.

Satapathy, A. and Livingston, J. A Comprehensive Survey on SSL/ TLS and their Vulnerabilities. International Journal of Computer Applications 153, 5 (2016), 31-38.