SSL/TLS Best Practices

TLS
- Ciphersuite negotiation
- Master Secret generation (FS)
- Authentication
- Confidentiality
- Integrity

Versions
- SSL 2.0 (MD5, MITM Downgrade)
- SSL 3.0 (POODLE)
- TLS 1.0 (BEAST)
- TLS 1.1 (CRIME, BREACH)
- TLS 1.2

Ciphersuite
- TLS_RSA_WITH_AES_128_CBC_SHA
- RSA - Key negotiation
- AES128 CBC - symmetric cipher
- SHA1 - HMAC
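
The breakdown of TLS_RSA_WITH_AES_128_CBC_SHA above, generalized to other TLS 1.2-style suite names, as an added example that is not part of the original slides. The sample names other than the slide's suite, the function names and the finding labels are assumptions of this example.

```python
import re

# Constructed sample names in IANA format; the first is the suite from the slide.
SAMPLES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]
EPHEMERAL = {"DHE", "ECDHE"}  # ephemeral key exchanges give forward secrecy
WEAK_CIPHERS = ("RC4", "3DES", "DES", "NULL")

def parse_suite(name):
    """Split a TLS <= 1.2 suite name into key exchange, auth, cipher and MAC."""
    # Only names ending in a hash are handled; TLS 1.3 and CCM names are rejected.
    m = re.fullmatch(r"TLS_(.+?)_WITH_(.+)_(MD5|SHA|SHA256|SHA384)", name)
    if not m:
        raise ValueError(f"not a supported TLS 1.2-style suite name: {name}")
    kx_auth, cipher, digest = m.groups()
    parts = kx_auth.split("_")  # "RSA" means RSA for both key exchange and auth
    aead = cipher.endswith(("GCM", "POLY1305"))
    return {
        "key_exchange": parts[0],
        "authentication": parts[-1],
        "cipher": cipher,
        # For AEAD suites the trailing hash is the PRF hash, not an HMAC.
        "mac": "AEAD" if aead else "HMAC-" + digest,
        "forward_secrecy": parts[0] in EPHEMERAL,
    }

def findings(name):
    """Return the properties of a suite that a hardening review would flag."""
    s = parse_suite(name)
    out = []
    if not s["forward_secrecy"]:
        out.append("no forward secrecy")
    if any(w in s["cipher"] for w in WEAK_CIPHERS):
        out.append("weak cipher")
    elif s["cipher"].endswith("CBC"):
        out.append("CBC mode")
    if s["mac"] in ("HMAC-SHA", "HMAC-MD5"):
        out.append("MD5/SHA-1 MAC")
    return out

if __name__ == "__main__":
    for suite in SAMPLES:
        print(suite, parse_suite(suite), findings(suite))
```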

IIS
- Defaults not optimal (SSLLabs)
- Changed via registry keys
- 3rd party tools (IISCrypto)

HSTS
- Always use HTTPS
- Server redirects (first request)
- Headers and Preloaded lists

HTTP/2
- Requires TLS 1.2, no compression
- Opportunistic encryption
- All implementations so far over TLS
SSL/TLS
By mkontra