Emmanuel Dreyfus
2014-07-25 14:01:37 UTC
Hi
For anyone interested, I wrote a paper for BSD magazine on TLS
hardening. It first introduces the TLS protocol for the administrator
and the developper, then look at how to harden an Apache setup,
including protections against various TLS attacks such as BEAST,
CRIME or Heartbleed. In the third part, the acquired know-how is
reused for TLS hardening of other protocols and services, such as
dovecot, sendmail or OpenVPN.
The paper was published in june 2014 issue of BSD magazine:
http://bsdmag.org/711/
They have an annoying mandatory newletter subscription before
download, hence you may prefer the standalone paper in open-access:
http://arxiv.org/abs/1407.2168
For anyone interested, I wrote a paper for BSD magazine on TLS
hardening. It first introduces the TLS protocol for the administrator
and the developper, then look at how to harden an Apache setup,
including protections against various TLS attacks such as BEAST,
CRIME or Heartbleed. In the third part, the acquired know-how is
reused for TLS hardening of other protocols and services, such as
dovecot, sendmail or OpenVPN.
The paper was published in june 2014 issue of BSD magazine:
http://bsdmag.org/711/
They have an annoying mandatory newletter subscription before
download, hence you may prefer the standalone paper in open-access:
http://arxiv.org/abs/1407.2168
--
Emmanuel Dreyfus
***@netbsd.org
Emmanuel Dreyfus
***@netbsd.org