Achieving high security
After implementing the following in ProVide it is now possible to configure the server to achieve a perfect score at Qualys SSL Labs official test.
- Implemented support for HTTP Strict Transport Security.
- Implemented support to individually enable/disable SSL/TLS protocols (SSL v2, SSL v3, TLS v1, TLS v1.1, TLS v1.2).
- Implemented support for forward secrecy with most browsers.
- Improved support for completely loading chain certificates including intermediate.
- Improved support for individually enable/disable SSL/TLS ciphers.
- Improved support for renegotiation (allow secure, disable client-initiated).
- Latest version of ProVide
- Purchased certificate with at least 4096 bit key using SHA256 encryption (not SHA1)
- Stop the ProVide service
- Browse to the ProVide installation directory.
- Place your intermediate certificate(s) inside the "certificates" folder.
- Open the "settings.ini" file
- Find [HTTPS Protocols] and [HTTPS Ciphers] and alter them to look like this:
- Save the file
- Start the ProVide service
- Run the SSL Test found here to see your results: SSL Test