110V Soldering Iron Kit
[ I WANT THIS ↑↑↑ Please use this affiliate linked image ]

Friday, August 28, 2015

https SSL cipher remediation for webservers 2015

I don’t know jack! I am NOT a security professional by trade, but please at least be aware that simply installing an SSL certificate on your server does NOT make it secure.

Thanks to Qualys SSL Labs (https://www.ssllabs.com/ssltest/), testing your server for SSL security is dead simple. I recommend every public site you manage to be tested immediately!

Once you know your status, here are some invaluable information resources you will need for remediation:

Setup your [Windows] IIS for SSL Perfect Forward Secrecy and TLS 1.2 : https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

Additionally I had one server that used stunnel (https://www.stunnel.org) on Windows. I found the following was good settings for C:\Program Files (x86)\stunnel\stunnel.conf:
sslVersion = all
options = NO_SSLv2
options = NO_SSLv3


Again, I am NOT a security expert, so please do not blindly reconfigure your settings without fully understanding what you are doing. I do not think my advice is wrong, but there absolutely might be better settings available.

Here is a good Mozilla resource for Server Side TLS (https://wiki.mozilla.org/Security/Server_Side_TLS) including a link to Mozilla SSL Configuration Generator (https://mozilla.github.io/server-side-tls/ssl-config-generator/)

As Always, Good Luck!

Please comment or tip me or use any/all of my affiliate links; Thank YOU!

You can thank me with bitcoin.