Benchmark: SSL/TLS Server Configuration Best Practices
SSL is the backbone of a secure internet, and it protects sensitive information by establishing authenticated and encrypted links between networked computers. So it is necessary to provide extra effort to configure your SSL server to provide necessary security against complex SSL-related attacks.
This benchmark performs various standard checks on your server configuration, for example:
- Do my certificates have a complete chain of trusted certificates?
- Are my servers using insecure cipher suites or protocols?
- Are perfect forward secrecy and TLS fallback SCSV enabled on my servers?
- Do my certificates use RSA keys or ECDSA keys that are too large?
Browse dashboards and select SSL/TLS Server Configuration Best Practices:
Or run the benchmarks in your terminal:
steampipe check net_insights.benchmark.ssl_configuration_best_practices
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share net_insights.benchmark.ssl_configuration_best_practices
- Certificates should have a complete chain of trusted certificates
- SSL/TLS servers should avoid using insecure protocols
- SSL/TLS servers should use secure cipher suites
- Ensure SSL/TLS servers uses perfect forward secrecy (PFS)
- SSL/TLS servers should use strong key exchange mechanism (e.g., ECDHE)
- SSL/TLS servers should support TLS fallback SCSV for preventing protocol downgrade attacks
- SSL/TLS servers should avoid using RC4 cipher suites
- SSL/TLS servers should avoid using CBC cipher suites
- Avoid implementing too much security for certificates