Here are some key points:
- Use 2048-bit private keys and protect them
- Obtain certificates from a reliable CA
- Use only secure protocols (SSLv3 and TLS 1.0 at least) and secure cipher suites
- Disable client-initiated renegotiation
- Mitigate known problems (disable insecure negotiation; prioritize RC4 to mitigate the BEAST attack)
- Use persistent connections (HTTP)
- Encrypt 100% of your web site traffic
- Ensure that cookies are secured
- Ensure that mixed content is not used
- Enable HTTP Strict Transport Security
- Understand and acknowledge third-party trust
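Three of the points above (secured cookies, no mixed content, HSTS enabled) can be checked from a single HTTP response. The script below is an added example, not part of the original post: it parses a constructed response (headers and HTML body made up for this illustration, not captured from any real site), flags cookies set without the `Secure` attribute, reports subresources loaded over plain `http://` (links in `<a>` tags are navigation, not mixed content, so they are ignored), and confirms a `Strict-Transport-Security` header with an adequate `max-age`. The six-month minimum age is an assumption chosen here, not a figure from the post.

```python
import re

# Constructed sample response (not from the post): one cookie is missing
# the Secure flag and one script is loaded over plain http://.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly
Set-Cookie: prefs=dark; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""

SAMPLE_BODY = """<html><head>
<link rel="stylesheet" href="https://cdn.example.test/site.css">
<script src="http://cdn.example.test/app.js"></script>
</head><body>
<img src="//static.example.test/logo.png">
<a href="http://example.test/about">About</a>
</body></html>"""

# Assumed minimum HSTS max-age (six months); adjust to local policy.
MIN_HSTS_AGE = 15552000


def parse_headers(raw):
    """Return (name, value) pairs, lower-cased names, duplicates preserved
    so every Set-Cookie line is kept."""
    pairs = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_hsts(headers, min_age=MIN_HSTS_AGE):
    """Return (ok, reason): HSTS must be present with max-age >= min_age."""
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return False, "no Strict-Transport-Security header"
    m = re.search(r"max-age=(\d+)", values[0], re.I)
    if not m:
        return False, "HSTS header lacks max-age"
    age = int(m.group(1))
    if age < min_age:
        return False, f"HSTS max-age {age} below {min_age}"
    return True, "ok"


def insecure_cookies(headers):
    """Names of cookies set without the Secure attribute."""
    bad = []
    for n, v in headers:
        if n != "set-cookie":
            continue
        parts = [p.strip() for p in v.split(";")]
        name = parts[0].split("=", 1)[0]
        flags = {p.lower() for p in parts[1:]}
        if "secure" not in flags:
            bad.append(name)
    return bad


# Subresource tags whose src/href points at a plain http:// URL.
# Protocol-relative (//host/...) and https:// URLs do not match.
MIXED_RE = re.compile(
    r"""<(?:script|link|img|iframe|video|audio|source|object|embed)\b"""
    r"""[^>]*?\b(?:src|href)\s*=\s*["']?(http://[^"'\s>]+)""",
    re.I,
)


def mixed_content(html):
    """http:// URLs that the page would load as subresources."""
    return MIXED_RE.findall(html)


def audit(raw_headers, html):
    """Run the three checks and return a result dictionary."""
    headers = parse_headers(raw_headers)
    hsts_ok, hsts_reason = check_hsts(headers)
    return {
        "hsts": hsts_ok,
        "hsts_reason": hsts_reason,
        "insecure_cookies": insecure_cookies(headers),
        "mixed_content": mixed_content(html),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(f"{key}: {value}")
```

On the constructed sample the audit reports HSTS as acceptable, flags the `prefs` cookie, and lists the one script fetched over `http://`. Feed it the raw headers and body of a real response (for example saved from `curl -i`) to check a deployment against the same three points.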