Re: SSL Labs - secure your your SSL |
by fiammybe on 2013/4/8 14:14:46 A wiki page about how to properly configure your site for SSL would be a great help I think. @Madfish, could you write something up? You have the first-hand experience. |
SSL Labs - secure your your SSL |
by Madfish on 2013/4/4 0:50:00 SSL Labs have a free test that will analyse an SSL-secured site and offer advice on how to improve it. There are currently a couple of attacks against common / mainstream configurations of SSL. At the moment the only way to prevent the BEAST attack is to use RC4 ciphers. Unfortunately, RC4 is now in the 'looking shaky' camp, but this is a case of trading off a theoretical weakness against a practical exploit. They also offer a free best practice guide on SSL deployment. If you have an SSL site check it out! |