Wednesday, March 18, 2015

SSL/TLS Best Practices from the OpenSSL Cookbook

Ivan Ristić wrote a great free online book about SSL/TLS security called OpenSSL Cookbook.

Appendix A makes for great bullet points "SSL/TLS Deployment Best Practices"

  • Use 2048 bit private keys
  • Restrict Access to the private keys
  • Obtain Cert from a reliable CA
  • Use Strong Cert algorithms (Ex: don't use SHA1)
  • Use Secure Protocols (Ex: don't use SSL v2 or v3)
  • Use Secure Cipher Suites (Ex: don't use RC4)
  • Support Forward Secrecy
  • Disable Client-Initiated Renegotiation
  • Disable TLS compression
  • Pay attention to performance
  • Encrypt 100% of your website (don't mix content)
  • Secure your cookies
  • Validate everything works

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

1 comment: