lunes, 13 de diciembre de 2010

TLS/SSL Hardening & Compatibility Report 2010 (G-SEC)

This is the "Release candidate" version of the paper, should no errors be found it will be the final version.

This paper aims at answering the following questions :
  • What SSL/TLS configuration is state of the art and considered secure (enough) for the next years?
  • What SSL/TLS ciphers do modern browsers support ?
  • What SSL/TLS settings do server and common SSL providers support ? 
  • What are the cipher suites offering most compatibility and security ?
  • Should we really disable SSLv2 ? What about legacy browsers ?
  • How long does RSA still stand a chance ?
  • What are the recommended hashes,ciphers for the next years to come

The paper includes two tools :
  • SSL Audit (alpha) :  SSL scanner scanning remote hosts for SSL/TLS support (Video)
  • Harden SSL/TLS (beta) : Windows server and client SSL/TLS hardening tool (Video)
Without further ado here is the complete package



No hay comentarios: