码迷,mamicode.com
首页 > 其他好文 > 详细

Strong TLS configuration on servers

时间:2015-05-16 01:28:28      阅读:160      评论:0      收藏:0      [点我收藏+]

标签:

技术分享


- Use certificates with at least sha-256 hash algorithms (including intermediate certificates).
- Use strong cipher suites (only 3 are allowed on my server: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256:ECDHE-RSA-AES256-SHA). Forward secrecy is deployed if ECDHE or DHE key-exchanges are used.
- Disable SSL2, SSL3.
- Enable HSTS, add domain to HSTS preload list.
- Enable OCSP stapling and SPDY/3 for best performance.

 

Strong TLS configuration on servers

标签:

原文地址:http://www.cnblogs.com/fatlyz/p/4507243.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!