Appendix A, "SSL/TLS Deployment Best Practices", makes for a great set of bullet points:
- Use 2048-bit private keys
- Restrict access to the private keys
- Obtain certificates from a reliable CA
- Use strong certificate signature algorithms (e.g. don't use SHA-1)
- Use secure protocols (e.g. don't use SSL v2 or v3)
- Use secure cipher suites (e.g. don't use RC4)
- Support Forward Secrecy
- Disable Client-Initiated Renegotiation
- Disable TLS compression
- Pay attention to performance
- Encrypt 100% of your website (don't serve mixed content)
- Secure your cookies
- Validate everything works
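As an added example (not code from the post or from the guide it summarises), here is a Python `ssl.SSLContext` that applies the protocol, cipher-suite, forward-secrecy, compression and renegotiation items above, a deliberately weak context beside it, and an audit function that checks any context against those items. Key size, CA and certificate-algorithm checks are left out because the contexts carry no certificate.

```python
import ssl

# Present in Python 3.7+ when built against OpenSSL >= 1.1.0h; 0 means the
# renegotiation item cannot be enforced (or audited) on this build.
OP_NO_RENEG = getattr(ssl, "OP_NO_RENEGOTIATION", 0)


def hardened_context() -> ssl.SSLContext:
    """Server context following the checklist: TLS 1.2+, AEAD suites with
    (EC)DHE key exchange only, no RC4, no compression, no client renegotiation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2              # rules out SSLv2/v3, TLS 1.0/1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")  # forward secrecy, no RC4
    ctx.options |= ssl.OP_NO_COMPRESSION | OP_NO_RENEG        # no TLS compression, no renegotiation
    return ctx


def weak_context() -> ssl.SSLContext:
    """Deliberately misconfigured context, constructed only to exercise the audit."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1                # still accepts TLS 1.0
    # AES128-GCM-SHA256 uses static RSA key exchange, so it offers no forward secrecy.
    ctx.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256")
    ctx.options &= ~ssl.OP_NO_COMPRESSION                     # re-enables compression
    if OP_NO_RENEG:
        ctx.options &= ~OP_NO_RENEG                           # allows client renegotiation
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the checklist items a context violates (empty list means all clear)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol-below-tls12")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("compression-enabled")
    if OP_NO_RENEG and not ctx.options & OP_NO_RENEG:
        findings.append("renegotiation-enabled")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if "RC4" in name:
            findings.append("rc4:" + name)
        # TLS 1.3 suites report "kx-any"; they always use an ephemeral key exchange.
        if cipher["kea"] not in ("kx-ecdhe", "kx-dhe", "kx-any"):
            findings.append("no-forward-secrecy:" + name)
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_context()) or "OK")
    print("weak:", audit_context(weak_context()))
```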
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.