SAINTCON 2016 - Christopher Hopkins (hydroplane) - Using LetsEncrypt and Optimizing TLS

Learn effective ways to leverage TLS and LetsEncrypt to secure your online presence, including best practices for certificate validation, OCSP stapling, and more.

Key takeaways
  • Always check the root certificate of a website and be cautious when accessing websites with unknown or untrusted roots.
  • Use a certificate validation tool, such as SSL Labs, to test the security of a website’s TLS configuration.
  • Enable OCSP stapling to improve the performance and security of TLS configurations.
  • Use an intermediate certificate, as it provides a good balance between security and compatibility.
  • Consider using Lets Encrypt, a free certificate authority that provides a simple and automated way to obtain certificates.
  • The Elliptic Curve Diffie-Hellman ephemeral key agreement method is recommended for improved security.
  • GCM (Galois Counter Mode) is a good option for authentication encryption.
  • Always update your software and browsers to the latest version to ensure compatibility with TLS 1.2.
  • Consider using key pinning to improve the security of your website.
  • Always use HTTPS and redirect all HTTP requests to HTTPS.
  • Certificate Authorities (CAs) are not always trustworthy, so be cautious when accessing websites that do not have a recognizable CA.