Bitcoin Forum

Bitcoin => Electrum => Topic started by: moni3z on January 26, 2014, 12:14:19 AM



Title: Fix website TLS
Post by: moni3z on January 26, 2014, 12:14:19 AM
Whenever you get a chance, it would be great if you could fix your TLS to prevent the CRIME attack by disabling TLS compression, and disable Client-Initiated Renegotiation, which is insecure and can lead to somebody DoS attacking the site. You should also blacklist junk cipher suites with DES like TLS_RSA_WITH_DES_CBC_SHA and TLS_DHE_RSA_WITH_DES_CBC_SHA; they are completely useless and shouldn't be supported.

Even though most browsers disable TLS compression, you might as well not run it anyway server side.
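
The three settings requested in the post above, as an added example that is not part of the original post or of the site's configuration: a server-side context built with Python's `ssl` module, plus an audit of those settings. The function names and the sample cipher list are constructed for illustration, and `OP_NO_RENEGOTIATION` refuses all renegotiation in TLS 1.2 and earlier, which is broader than the client-initiated case the post names.

```python
import ssl

def des_suites(ciphers):
    """Names of single-DES suites in a list shaped like SSLContext.get_ciphers()."""
    # OpenSSL descriptions read "Enc=DES(56)" for single DES and "Enc=3DES(168)" for 3DES.
    return [c["name"] for c in ciphers if "Enc=DES(" in c.get("description", "")]

def hardened_server_context():
    """Server-side context with the three changes the post asks for."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_COMPRESSION    # no TLS compression (CRIME)
    ctx.options |= ssl.OP_NO_RENEGOTIATION  # ignore renegotiation requests
    ctx.set_ciphers("DEFAULT:!DES")         # exclude single-DES suites
    return ctx

def audit(ctx):
    """Return a finding for each requested setting the context does not enforce."""
    findings = []
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("compression")
    if not ctx.options & ssl.OP_NO_RENEGOTIATION:
        findings.append("renegotiation")
    findings += ["des:" + name for name in des_suites(ctx.get_ciphers())]
    return findings

# Constructed sample: the OpenSSL names for the two suites named in the post,
# next to two suites that must not be flagged. Current OpenSSL builds no
# longer ship single DES, so the DES check is exercised on this list.
SAMPLE_CIPHERS = [
    {"name": "DES-CBC-SHA",          # TLS_RSA_WITH_DES_CBC_SHA
     "description": "DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1"},
    {"name": "EDH-RSA-DES-CBC-SHA",  # TLS_DHE_RSA_WITH_DES_CBC_SHA
     "description": "EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1"},
    {"name": "DES-CBC3-SHA",
     "description": "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1"},
    {"name": "AES128-SHA",
     "description": "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"},
]

if __name__ == "__main__":
    print("hardened context findings:", audit(hardened_server_context()))
    print("DES suites in sample list:", des_suites(SAMPLE_CIPHERS))
```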