Table of Contents
SSL/TLS Deployment Best Practices
1. Private Key and Certificate
1.1. Use 2048-bit Private Keys
1.2. Protect Private Keys
1.3. Ensure Sufficient Hostname Coverage
1.4. Obtain Certificates from a Reliable CA
2. Configuration
2.1. Deploy with Valid Certificate Chains
2.2. Use Secure Protocols
2.3. Use Secure Cipher Suites
2.4. Control Cipher Suite Selection
2.5. Support Forward Secrecy
2.6. Disable Client-Initiated Renegotiation
2.7. Mitigate Known Problems
3. Performance
3.1. Do Not Use Too Strong Private Keys
3.2. Ensure That Session Resumption Works Correctly
3.3. Use Persistent Connections (HTTP)
3.4. Enable Caching of Public Resources (HTTP)
4. Application Design (HTTP)
4.1. Encrypt 100% of Your Web Site
4.2. Avoid Mixed Content
4.3. Understand and Acknowledge Third-Party Trust
4.4. Secure Cookies
4.5. Deploy HTTP Strict Transport Security
4.6. Disable Caching of Sensitive Content
4.7. Ensure That There Are No Other Vulnerabilities
5. Validation
6. Advanced Topics
Changes
Version 1.3 (17 September 2013)
Acknowledgments
About SSL Labs
About Qualys