Tag: tls

How to get a perfect SSL Labs score

It is easy to get an A+ on your website. But it is a little bit hard to make a 4 parts, Certificate, Protocol Support, Key Exchange, and Cipher Strength, to be 100%. Most of time, I got A+ rating of my site. For individual scores, the last two are 90%. Let me break down.

Server Name Indication (SNI)

Server Name Indication is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The most import reason to have this extension is to allow a server to present multiple SSL web site, or multiple certificates on

Disable SSLv2 and SSLv3 in Apache

As we always disable SSLv2 in Apache. Now it is SSLv3 turn. The recent news about the SSL 3 vulnerability is so important that I have to disable it as well. So just modify the ssl.conf of Apache [ssh]SSLProtocol All -SSLv2 -SSLv3[/ssh] The web site still has TLS 1.0, TLS 1.1 and TLS 1.2. For