SSL/TLS Deployment Best Practices Updated

Ivan Ristic

Last updated on: October 21, 2021

I have just posted an update to the SSL Labs’s SSL/TLS Deployment Best Practices document. The new version is now entirely up-to-date, but the changes are largely incremental:

  • Stronger wording to deploy 2048-bit keys (it’s getting difficult or impossible to get certificates for anything less, anyway), and upgrade the remaining 1024-bit keys by the end of 2013.
  • Recommendation to use TLS 1.2 as main protocol.
  • Added CRIME to the list of problems that need to be mitigated in configuration.
  • Added more references for those who wish to research some of the topics.
  • Added Extended Validation certificates and Public Key Pinning to the Advanced Topics section.
  • Several smaller changes and clarifications throughout the document.
Share your Comments


Your email address will not be published. Required fields are marked *