I don’t know jack! I am NOT a security professional by trade, but please at least be aware that simply installing an SSL certificate on your server does NOT make it secure.
Thanks to Qualys SSL Labs (https://www.ssllabs.com/ssltest/), testing your server for SSL security is dead simple. I recommend every public site you manage to be tested immediately!
Once you know your status, here are some invaluable information resources you will need for remediation:
Configuring Apache, Nginx, and OpenSSL for Forward Secrecy : https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
Setup your [Windows] IIS for SSL Perfect Forward Secrecy and TLS 1.2 : https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
Additionally I had one server that used stunnel (https://www.stunnel.org) on Windows. I found the following was good settings for
C:\Program Files (x86)\stunnel\stunnel.conf:sslVersion = all
options = NO_SSLv2
options = NO_SSLv3
ciphers = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
Again, I am NOT a security expert, so please do not blindly reconfigure your settings without fully understanding what you are doing. I do not think my advice is wrong, but there absolutely might be better settings available.
Here is a good Mozilla resource for Server Side TLS (https://wiki.mozilla.org/Security/Server_Side_TLS) including a link to Mozilla SSL Configuration Generator (https://mozilla.github.io/server-side-tls/ssl-config-generator/)
Please comment or tip me or use any/all of my affiliate links; Thank YOU!
You can thank me with bitcoin.
---