SAINTCON 2016 - Christopher Hopkins (hydroplane) - Using LetsEncrypt and Optimizing TLS

Security

Learn effective ways to leverage TLS and LetsEncrypt to secure your online presence, including best practices for certificate validation, OCSP stapling, and more.

Key takeaways
  • Always check the root certificate of a website and be cautious when accessing websites with unknown or untrusted roots.
  • Use a certificate validation tool, such as SSL Labs, to test the security of a website’s TLS configuration.
  • Enable OCSP stapling to improve the performance and security of TLS configurations.
  • Use an intermediate certificate, as it provides a good balance between security and compatibility.
  • Consider using Lets Encrypt, a free certificate authority that provides a simple and automated way to obtain certificates.
  • The Elliptic Curve Diffie-Hellman ephemeral key agreement method is recommended for improved security.
  • GCM (Galois Counter Mode) is a good option for authentication encryption.
  • Always update your software and browsers to the latest version to ensure compatibility with TLS 1.2.
  • Consider using key pinning to improve the security of your website.
  • Always use HTTPS and redirect all HTTP requests to HTTPS.
  • Certificate Authorities (CAs) are not always trustworthy, so be cautious when accessing websites that do not have a recognizable CA.

More talks

Miloslav Pojman - HTTP/3 – Why should I care?

Deputy National Security Advisor, Cyber & Emerging Tech Anne Neuberger | Full Interview | Code 2022

SAINTCON 2016 - Ashok Banerjee - Anatomy of Cyber Attacks and Cybersecurity Defense

SAINTCON 2023 - Morgan Thomas - Becoming A Space Pirate

AMD Hypervisor with Rust - Matthias Heiden - Rust Linz, October 2022

The State of Passwordless Auth on the Web – Phil Nash, JSNation 2023

Empowering Architectural Evolution: Governing Event-Driven Solutions • Sam Dengler • GOTO 2023

Q&A with Elviss Strazdiņš