G-SEC™ is a vendor-independent, Luxembourgish-led security consulting group that offers IT security consulting services on an organizational and technical level. Thierry ZOLLER, Principal Security Consultant from G-SEC, has released a paper about SSL/TLS Hardening.
This paper aims to answer the following questions:
- What SSL/TLS configuration is state of the art and considered secure (enough) for the coming years?
- What SSL/TLS ciphers do modern browsers support?
- What SSL/TLS settings do servers and common SSL providers support?
- Which cipher suites offer the most compatibility and security?
- Should we really disable SSLv2? What about legacy browsers?
- How long does RSA still stand a chance?
- What are the recommended hashes and ciphers for the years to come?
The paper includes two tools:
- SSL Audit (alpha): SSL scanner that scans remote hosts for SSL/TLS support
- Harden SSL/TLS (beta): Windows server and client SSL/TLS hardening tool
You can download the complete package here: