Server-side TLS
Because there are various attacks against TLS it is important to follow the best practices.
Best practices
Obtain your certificate as described in OpenSSL#Certificates.
- Disable SSLv3 to prevent the POODLE attack.
- weakdh.org's Guide to Deploying Diffie-Hellman for TLS
- Mozilla's Server Side TLS article
- SSL Labs' SSL and TLS Deployment Best Practices
- Cipherli.st
Checking TLS
Programs to check TLS:
Websites to check TLS:
- https://www.ssllabs.com/ssltest/ (only HTTPS)
- https://www.checktls.com/ (only email)