justin
|
695c3e2431
|
security: drop all CBC TLS suites (Qualys WEAK -> AEAD-only, still A+); sync ansible nginx templates (ciphers + ywxi CSP); capture host firewall as IaC
|
2026-06-06 00:49:21 -05:00 |
|
justin
|
5526fb79b9
|
security: harden nginx TLS ciphers (drop SHA-1 CBC -> HIPAA/NIST clean, still A+); document ImmuniWeb free badge + PCI/HIPAA/NIST/GDPR compliance
|
2026-06-06 00:22:59 -05:00 |
|
justin
|
6121c0a6f4
|
security: harden VM - nft+DOCKER-USER firewall closing public exposure of postgres/k8s/forgejo/listmonk/apis; remove inbound :25 (send-only); docs
|
2026-06-06 00:18:02 -05:00 |
|