All About SSL Security - Awareness
Hi, with the recent threads and news stories coming about thick and fast like no one's business, what better way to start a thread about SSL security. I see many installing SSLs and leaving it simply at that, missing some rather nice security/enhancements behind in the process.
There are several things you can do, like strict transport security, OCSP stapling, decent cipher sets, forward secrecy and a whole boatload of other things upon them. Sometimes I see those regarding SSLs as the "install and forget" method to increase security, but while in the process they could be hindering security by using a poor setup.
I suppose the idea behind this thread is to increase awareness that it's not a simple "install and forget" procedure like some claim and just using 5 minutes with an SSL checker like SSL Labs you can easily spot any weakness and improve where needed.
How many of you regularly use SSL checkers and whatever else?
P.S: Please don't turn this into a heartbleeding type thread; this is mostly to discuss general SSL security, to help others configure their SSL setups or even point them in the right direction.
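As an added example that is not part of the original post, this is a small offline audit of the items the post lists (strict transport security, OCSP stapling, cipher sets, forward secrecy), run over a constructed scan result. The scan field names, the sample values and the 180-day max-age threshold are assumptions made for illustration.

```python
# Added example: offline audit of a constructed scan result for the settings
# named in the post. Field names and the max-age threshold are assumptions.
import re

MIN_HSTS_MAX_AGE = 15552000  # 180 days; assumed policy threshold


def parse_hsts(header):
    """Parse a Strict-Transport-Security value; None if max-age is absent or invalid."""
    if not header:
        return None
    directives = [d.strip().lower() for d in header.split(";") if d.strip()]
    max_age = None
    for d in directives:
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d)
        if m:
            max_age = int(m.group(1))
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": "includesubdomains" in directives}


def has_forward_secrecy(cipher):
    """True if the suite name implies an ephemeral (EC)DHE key exchange."""
    name = cipher.upper()
    if "_WITH_" in name:  # IANA-style name for TLS 1.2 and earlier
        return name.startswith(("TLS_ECDHE_", "TLS_DHE_"))
    if name.startswith("TLS_"):  # TLS 1.3 suite: full handshakes use (EC)DHE
        return True
    return name.startswith(("ECDHE-", "DHE-"))  # OpenSSL-style name


def audit(scan):
    """Return a list of findings for one scanned host."""
    findings = []
    hsts = parse_hsts(scan.get("hsts_header"))
    if hsts is None:
        findings.append("HSTS missing or invalid")
    elif hsts["max_age"] < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age too short: %d" % hsts["max_age"])
    if not scan.get("ocsp_stapled"):
        findings.append("OCSP stapling not observed")
    for c in scan.get("ciphers", []):
        if not has_forward_secrecy(c):
            findings.append("no forward secrecy: " + c)
    return findings


# Constructed sample: a certificate was installed and nothing else was tuned.
SAMPLE = {"hsts_header": "max-age=300", "ocsp_stapled": False,
          "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "TLS_AES_256_GCM_SHA384"]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```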