Qualys Blog

www.qualys.com
Ivan Ristic

SSL/TLS Deployment Best Practices Updated

I have just posted an update to the SSL Labs’s SSL/TLS Deployment Best Practices document. The new version is now entirely up-to-date, but the changes are largely incremental:

  • Stronger wording to deploy 2048-bit keys (it’s getting difficult or impossible to get certificates for anything less, anyway), and upgrade the remaining 1024-bit keys by the end of 2013.
  • Recommendation to use TLS 1.2 as main protocol.
  • Added CRIME to the list of problems that need to be mitigated in configuration.
  • Added more references for those who wish to research some of the topics.
  • Added Extended Validation certificates and Public Key Pinning to the Advanced Topics section.
  • Several smaller changes and clarifications throughout the document.

Leave a Reply