I have just posted an update to the SSL Labs SSL/TLS Deployment Best Practices document. The new version is now entirely up to date, but the changes are largely incremental:
- Stronger wording to deploy 2048-bit keys (it’s getting difficult or impossible to get certificates for anything less, anyway), and upgrade the remaining 1024-bit keys by the end of 2013.
- Recommendation to use TLS 1.2 as the main protocol.
- Added CRIME to the list of problems that need to be mitigated in configuration.
- Added more references for those who wish to research some of the topics.
- Added Extended Validation certificates and Public Key Pinning to the Advanced Topics section.
- Several smaller changes and clarifications throughout the document.