Newsfeed
Nachrichtenbote
As you have to update your SSL anyway, why not make sure your configuration is up to modern standards?
There has been plenty of noise about Heartbleed, so if you're an admin, you already know what to do.
1. Find everything you have using vulnerable versions of OpenSSL
2. Update to the latest OpenSSL version
3. Create new SSL certificates as the old ones may have leaked
But since you have to touch your server configuration and create new SSL certificates, we would recommend that you also go through certificate generation settings and server configuration. Heartbleed is not the only problem in SSL/TLS implementations, a poorly chosen protocol or weak cipher can be just as dangerous as the Heartbleed bug.
As recommended reading we would suggest: OWASP Transport Layer Protection Cheat Sheet
Bonus points opportunity!
4. Implement Perfect Forward Secrecy (PFS). It's the "Prefer Ephemeral Key Exchanges" rule in the OWASP cheat sheet.
See this EFF post for details: Why the Web Needs Perfect Forward Secrecy More Than Ever
On 09/04/14 At 09:39 AM
Weiterlesen...
There has been plenty of noise about Heartbleed, so if you're an admin, you already know what to do.
1. Find everything you have using vulnerable versions of OpenSSL
2. Update to the latest OpenSSL version
3. Create new SSL certificates as the old ones may have leaked
But since you have to touch your server configuration and create new SSL certificates, we would recommend that you also go through certificate generation settings and server configuration. Heartbleed is not the only problem in SSL/TLS implementations, a poorly chosen protocol or weak cipher can be just as dangerous as the Heartbleed bug.
As recommended reading we would suggest: OWASP Transport Layer Protection Cheat Sheet
Bonus points opportunity!
4. Implement Perfect Forward Secrecy (PFS). It's the "Prefer Ephemeral Key Exchanges" rule in the OWASP cheat sheet.
See this EFF post for details: Why the Web Needs Perfect Forward Secrecy More Than Ever
On 09/04/14 At 09:39 AM
Weiterlesen...