- What SSL/TLS configuration is state of the art and considered secure (enough) for the next years?
- What SSL/TLS ciphers do modern browsers support ?
- What SSL/TLS settings do server and common SSL providers support ?
- What are the cipher suites offering most compatibility and security ?
- Should we really disable SSLv2 ? What about legacy browsers ?
- How long does RSA still stand a chance ?
- What are the recommended hashes,ciphers for the next years to come
lunes, 13 de diciembre de 2010
TLS/SSL Hardening & Compatibility Report 2010 (G-SEC)
This is the "Release candidate" version of the paper, should no errors be found it will be the final version.
This paper aims at answering the following questions :
The paper includes two tools :
Without further ado here is the complete package