Table of Contents
Introduction #
After implementing the following in ProVide it is now possible to configure the server to achieve a perfect score at Qualys SSL Labs official test.
- Implemented support for HTTP Strict Transport Security.
- Implemented support to individually enable/disable SSL/TLS protocols (SSL v2, SSL v3, TLS v1, TLS v1.1, TLS v1.2, TLS v1.3).
- Implemented support for forward secrecy with most browsers.
- Improved support for completely loading chain certificates including intermediate.
- Improved support for individually enable/disable SSL/TLS ciphers.
- Improved support for renegotiation (allow secure, disable client-initiated).
Requirements #
- Latest version of ProVide
- Purchased certificate with at least 4096 bit key using SHA256 encryption (not SHA1)
Instructions #
- Stop the ProVide service
- Browse to the ProVide installation directory.
- Place your intermediate certificate(s) inside the “certificates” folder.
- Open the “settings.ini” file
- Find [HTTPS Protocols] and [HTTPS Ciphers] and alter them to look like this:
[HTTPS Protocols]
“TLS v1.3”
[HTTPS Ciphers]
“ECDHE-RSA-AES256-GCM-SHA384” - Save the file
- Start the ProVide service
- Run the SSL Test found here to see your results: SSL Test
