Better defaults, or Optional default master settings screen

Discussion in 'Feature Requests' started by Loveless, Apr 11, 2017.

  1. Loveless

    Loveless Member

    After having installed ISPconfig 3 a couple of times, I'd say the defaults aren't correctly chosen, and somewhat outdated;
    We're living 4 years post Snowden by now. For people using nginx without apache, for example, I'd say always default to SSL/TLS only, so
    - redirect to https should always be enabled,
    - spam and virus filtering should default to ON and default to sieve into the Junk folder which should be created for Maildirs by dovecot.
    - Let'sEncrypt and SSL should be enabled by default, and be allowed for Clients (the Limits tab).
    - Always enable SPDY or its followup rather, http2

    It would save us so much clicking and tabbing for each new Client/Site/Mailbox etc.

    For some customers I've installed froxlor a couple of times, this has really good options for admins to pick the defaults. ISPconfig should have that too.
  2. concept21

    concept21 Active Member HowtoForge Supporter

    I do not agree with you.
    http is 2x faster than https. Only enable https when it is necessary. Whoever cares when you are reading public news? :cool:
    HTTP 2205 bytes in 0.338 second response time
    HTTPS 2205 bytes in 0.683 second response time
    Last edited: May 25, 2017
  3. Loveless

    Loveless Member

    I'm afraid you're doing something terribly wrong then;

    "Encryption used to introduce overheads. It's true that TLS used to be computationally expensive, but that's just no longer the case these days. Adam Langley from Google wrote about this back in 2010 (yes, 6 years ago!) when they moved GMail to HTTPS and he had this to say:

    On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

    If you stop reading now you only need to remember one thing: SSL/TLS is not computationally expensive any more.
    Last edited: Jul 6, 2017
    Gwyneth Llewelyn likes this.
  4. Rabenkind

    Rabenkind Member

    I agree with loveless.
    There are experts you can hire for making your SSL/TLS responses fast. ( It is just a pain to integrate it in ISPConfig.
    Also TLS-Settings and crypto is outdated/not executed with dovecot/postfix. Deploying better crypto is painfull in ISPConfig (see my dovecot-Problem)
    Gwyneth Llewelyn likes this.

Share This Page