SAINTCON 2016 - Christopher Hopkins (hydroplane) - Using LetsEncrypt and Optimizing TLS

Christopher Hopkins

Learn effective ways to leverage TLS and LetsEncrypt to secure your online presence, including best practices for certificate validation, OCSP stapling, and more.

Key takeaways
  • Always check the root certificate of a website and be cautious when accessing websites with unknown or untrusted roots.
  • Use a certificate validation tool, such as SSL Labs, to test the security of a website’s TLS configuration.
  • Enable OCSP stapling to improve the performance and security of TLS configurations.
  • Use an intermediate certificate, as it provides a good balance between security and compatibility.
  • Consider using Lets Encrypt, a free certificate authority that provides a simple and automated way to obtain certificates.
  • The Elliptic Curve Diffie-Hellman ephemeral key agreement method is recommended for improved security.
  • GCM (Galois Counter Mode) is a good option for authentication encryption.
  • Always update your software and browsers to the latest version to ensure compatibility with TLS 1.2.
  • Consider using key pinning to improve the security of your website.
  • Always use HTTPS and redirect all HTTP requests to HTTPS.
  • Certificate Authorities (CAs) are not always trustworthy, so be cautious when accessing websites that do not have a recognizable CA.