ssl-proxy
ssl-proxy copied to clipboard
Hardening: TLS >= 1.2, limit cipher suites
In order to provide a reasonably secure TLS configuration, the following defaults have been set:
- Don't use TLS versions below 1.2 as those are vulnerable to attacks such as BEAST (CVE-2011-3389) and FREAK (CVE-2015-0204)
- Exclude ciphers known to be vulnerable, i.e. (3)DES, RC4, CBC ciphers
My suggestion for a reasonably secure TLS configuration in order to address #42