SSL Deployment Best Practices

Short talk for Ruby Usergroup Hamburg 2014 about how to deploy SSL certificates while avoiding the most common pitfalls.

Jan Krutisch

February 12, 2014

Transcript

  1.

    SSL Deployment Best Practices
    Jan Krutisch
    Ruby Usergroup Hamburg
    https://jan.krutisch.de/

    PGP-Key: A3E52A33
    CF40 36B2 DBC8 83BA 29F1 3745 D400 34B1 A3E5 2A33
  10.

    # Apache
    # SSLv2 and SSLv3 are disabled; TLS 1.0, 1.1 and 1.2 remain enabled
    SSLProtocol all -SSLv2 -SSLv3
    # the server, not the client, picks the suite from the ordered list below
    SSLHonorCipherOrder on
    # ECDHE first (AEAD/GCM before CBC), then DHE, then RC4 as a last-resort
    # fallback; anonymous, NULL, export, LOW, 3DES, MD5, PSK, SRP and DSS
    # suites are excluded
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
    EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
    EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

    # Nginx (same policy, nginx syntax)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
    EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
    EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    Source: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
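    As an added check that is not part of the talk: the cipher string on the slide is OpenSSL cipher-list syntax, which both Apache (SSLCipherSuite) and nginx (ssl_ciphers) hand straight to OpenSSL, so the local OpenSSL can expand it and you can audit what a server would actually offer. The Python script below (standard ssl module only; the function names, the regexes and the STRICT string are this example's own assumptions, not the author's) expands a cipher string and flags RC4, 3DES, MD5, export and NULL suites plus any suite whose key exchange lacks forward secrecy. Note that the 2014 string keeps RC4 on purpose as a last-resort fallback for old clients; RFC 7465 (2015) has since prohibited RC4 in TLS, so a current deployment would drop it, together with TLS 1.0 and 1.1.

```python
import re
import ssl

# Patterns over OpenSSL cipher-suite names (e.g. "ECDHE-RSA-RC4-SHA").
# These are the families the talk's string excludes with !3DES, !MD5, !EXP,
# !aNULL and !eNULL, plus RC4, which the 2014 string still keeps as a fallback
# and which RFC 7465 has since prohibited.
WEAK_PATTERNS = {
    "RC4": re.compile(r"(^|-)RC4(-|$)"),
    "3DES": re.compile(r"DES-CBC3"),
    "MD5": re.compile(r"-MD5$"),
    "export": re.compile(r"^EXP-"),
    "null": re.compile(r"NULL"),
}

# Key exchanges with forward secrecy in OpenSSL naming: ECDHE-*, DHE-*, and
# every TLS 1.3 suite (TLS_*), which always uses ephemeral (EC)DHE.
PFS_RE = re.compile(r"^(ECDHE-|DHE-|TLS_)")


def expand_cipher_string(spec):
    """Expand an OpenSSL cipher string (the format SSLCipherSuite and
    ssl_ciphers take) into concrete suite names, in the preference order the
    local OpenSSL build would use. Raises ssl.SSLError if none of the
    requested suites exist in this build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)
    return [c["name"] for c in ctx.get_ciphers()]


def audit_cipher_names(names):
    """Map each problematic suite name to its list of problems. A suite is
    flagged if it uses a weak primitive or its key exchange has no forward
    secrecy; an empty dict means the list is clean."""
    findings = {}
    for name in names:
        problems = [label for label, rx in WEAK_PATTERNS.items() if rx.search(name)]
        if not PFS_RE.match(name):
            problems.append("no-PFS")
        if problems:
            findings[name] = problems
    return findings


def audit_cipher_string(spec):
    """Expand a cipher string with the local OpenSSL and audit the result."""
    return audit_cipher_names(expand_cipher_string(spec))


# The talk's 2014 string, unchanged.
TALK_2014 = (
    "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 "
    "EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 "
    "EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
)

# A stricter string (this example's assumption, not from the talk): AEAD
# suites with forward secrecy only, no RC4 or CBC fallback.
STRICT = "EECDH+AESGCM EECDH+CHACHA20 EDH+AESGCM !aNULL !eNULL"


if __name__ == "__main__":
    for label, spec in (("talk (2014)", TALK_2014), ("strict", STRICT)):
        try:
            names = expand_cipher_string(spec)
        except ssl.SSLError as exc:
            # e.g. an OpenSSL build that no longer ships any suite in the string
            print(f"{label}: nothing selectable in this OpenSSL build ({exc})")
            continue
        findings = audit_cipher_names(names)
        print(f"{label}: {len(names)} suites offered, {len(findings)} flagged")
        for name, problems in findings.items():
            print(f"  {name}: {', '.join(problems)}")
```

    Run it on the OpenSSL build your web server links against, not on a workstation: the expansion depends on the library version (a modern build silently drops RC4 and 3DES even when the string asks for them, so the string can look clean locally while an older server still offers them).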