Strong TLS configuration on servers


- Use certificates signed with SHA-256 or a stronger hash algorithm (including intermediate certificates).
- Use strong cipher suites (only 3 are allowed on my server: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256:ECDHE-RSA-AES256-SHA). Forward secrecy is provided when ECDHE or DHE key exchange is used.
- Disable SSLv2 and SSLv3.
- Enable HSTS, add domain to HSTS preload list.
- Enable OCSP stapling and SPDY/3 for best performance.
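
The checklist above can be turned into an automated audit. The following is an added example, not code from the original post: the `cfg` dictionary layout, the function names and the sample values are all hypothetical, and the one-year HSTS minimum for preload eligibility is an assumption taken from hstspreload.org. It expects the cipher list to contain explicit suite names separated by colons.

```python
import re

FORBIDDEN_PROTOCOLS = {"SSLv2", "SSLv3"}
PRELOAD_MIN_AGE = 31536000  # assumption: one-year minimum asked by hstspreload.org

def weak_chain_hashes(sig_algs):
    """Signature algorithms (leaf and intermediates) hashed with MD5 or SHA-1."""
    return [a for a in sig_algs if re.search(r"md5|sha-?1(?!\d)", a, re.I)]

def non_fs_suites(cipher_string):
    """Suites in a colon-separated list of explicit names that lack (EC)DHE."""
    suites = [s for s in cipher_string.split(":") if s]
    return [s for s in suites if not s.startswith(("ECDHE-", "DHE-"))]

def parse_hsts(header):
    """Parse a Strict-Transport-Security header value into its directives."""
    parts = [p.strip().lower() for p in header.split(";") if p.strip()]
    ages = [re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', p) for p in parts]
    max_age = next((int(m.group(1)) for m in ages if m), 0)
    return {"max_age": max_age,
            "include_subdomains": "includesubdomains" in parts,
            "preload": "preload" in parts}

def audit(cfg):
    """Return a list of findings; an empty list means the checklist passes."""
    findings = [f"weak certificate hash: {a}" for a in weak_chain_hashes(cfg["chain_sig_algs"])]
    findings += [f"no forward secrecy: {s}" for s in non_fs_suites(cfg["ciphers"])]
    findings += [f"legacy protocol enabled: {p}"
                 for p in sorted(FORBIDDEN_PROTOCOLS & set(cfg["protocols"]))]
    hsts = parse_hsts(cfg.get("hsts", ""))
    if hsts["max_age"] == 0:
        findings.append("HSTS missing or disabled")
    elif not (hsts["max_age"] >= PRELOAD_MIN_AGE and hsts["include_subdomains"] and hsts["preload"]):
        findings.append("HSTS not eligible for the preload list")
    if not cfg.get("ocsp_stapling"):
        findings.append("OCSP stapling disabled")
    return findings

# Constructed sample: a SHA-1 intermediate, SSLv3 still on, one RSA key-exchange suite.
SAMPLE = {
    "chain_sig_algs": ["sha256WithRSAEncryption", "sha1WithRSAEncryption"],
    "ciphers": "ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA",
    "protocols": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"],
    "hsts": "max-age=86400",
    "ocsp_stapling": False,
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The signature algorithm names are the ones `openssl x509 -text` prints for each certificate in the chain; the root certificate's own signature does not need to be checked.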

 

posted @ 2015-05-16 01:12  Yunzhu