Written on August 26, 2015
Setting up a secure site isn’t just about adding an SSL certificate. It also means securing your web server, keeping system software up to date, turning off server options that you don’t need, and having a professional website built by a company that understands security, along with a lot of other considerations. Still, you can go a long way with a good SSL setup, as long as you don’t just install the certificate and think you are done.
When you install an SSL certificate, you need to decide how tightly secured you want your website to be. This is a balance between supporting older devices and browsers and being so flexible that you are open to attacks. Here are two tools that will help you achieve a good balance:
A good starting point for adding the right Cipher Suites and settings to your server config is Cipherli.st – Strong Ciphers for Apache, nginx and Lighttpd.
Then you can test those settings using the Qualys SSL Labs SSL testing tool to make sure you are protected against the latest vulnerabilities as well as supporting the correct devices and web browsers.
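As a local pre-check before running the online test, the sketch below reads the `ssl_protocols` and `ssl_ciphers` directives from an nginx config and lists the protocol versions and cipher entries that widen compatibility at the cost of security. It is an added example, not code from the original post, Cipherli.st or SSL Labs; the weak-item lists, function names and sample configs are assumptions made for illustration.

```python
import re

# Example policy (an assumption, not from Cipherli.st or SSL Labs); see RFC 6176, 7568, 8996.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_PARTS = {"RC4", "DES", "3DES", "MD5", "NULL", "aNULL", "eNULL", "EXP", "EXPORT", "LOW"}

def parse_ssl_directives(conf):
    """Collect simple one-line 'ssl_* value;' directives from nginx config text."""
    found = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        m = re.match(r"(ssl_\w+)\s+(.+?)\s*;$", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).strip("'\""))
    return found

def enabled_weak_ciphers(cipher_string):
    """Return entries of an OpenSSL cipher string that enable a weak component."""
    weak = []
    for entry in cipher_string.split(":"):
        if entry and entry[0] not in "!-":           # '!' and '-' remove ciphers
            parts = re.split(r"[-+]", entry.lstrip("+"))
            if WEAK_CIPHER_PARTS.intersection(parts):
                weak.append(entry)
    return weak

def audit(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    d = parse_ssl_directives(conf)
    findings = [f"{n} is not set explicitly" for n in ("ssl_protocols", "ssl_ciphers") if n not in d]
    for value in d.get("ssl_protocols", []):
        for proto in sorted(WEAK_PROTOCOLS.intersection(value.split())):
            findings.append(f"ssl_protocols enables {proto}")
    for value in d.get("ssl_ciphers", []):
        for entry in enabled_weak_ciphers(value):
            findings.append(f"ssl_ciphers enables {entry}")
    return findings

# Constructed sample configs: a permissive one and a tightened one.
PERMISSIVE = """
    ssl_protocols SSLv3 TLSv1 TLSv1.2;   # kept for old clients
    ssl_ciphers HIGH:MEDIUM:RC4-SHA:DES-CBC3-SHA:!aNULL;
"""
TIGHTENED = """
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!MD5:!RC4";
"""
if __name__ == "__main__":
    print("\n".join(audit(PERMISSIVE)) or "no findings")
```

A clean result here only means the config passed this example's checks; the online test still covers what the server actually negotiates.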