Achieving high security

From ProVide DocWiki


After implementing the following in ProVide it is now possible to configure the server to achieve a perfect score at Qualys SSL Labs official test.

  • Implemented support for HTTP Strict Transport Security.
  • Implemented support to individually enable/disable SSL/TLS protocols (SSL v2, SSL v3, TLS v1, TLS v1.1, TLS v1.2).
  • Implemented support for forward secrecy with most browsers.
  • Improved support for completely loading chain certificates including intermediate.
  • Improved support for individually enable/disable SSL/TLS ciphers.
  • Improved support for renegotiation (allow secure, disable client-initiated).

SSL-labs A+.png


Requirements

  • Latest version of ProVide
  • Purchased certificate with at least 4096 bit key using SHA256 encryption (not SHA1)

Instructions

  1. Stop the ProVide service
  2. Browse to the ProVide installation directory.
  3. Place your intermediate certificate(s) inside the "certificates" folder.
  4. Open the "settings.ini" file
  5. Find [HTTPS Protocols] and [HTTPS Ciphers] and alter them to look like this:
      [HTTPS Protocols]
"TLS v1.2"
[HTTPS Ciphers]
"ECDHE-RSA-AES256-SHA"
  1. Save the file
  2. Start the ProVide service
  3. Run the SSL Test found here to see your results: SSL Test

Want more support?

Buy coupon tickets

“ProVide has provided Hartz a rock solid, robust and cost effective FTP solution for the last 2 years. I would be glad to serve as a reference for your product.”

– Jim Tooker, The Hartz Mountain Corporation