> I've seen a list of SSL Options here:
> Are there recommended options that should be set? (I'm using the
> latest OpenSSL version 1.0.2a).

I don't think many of these Options matter now; many are historic, for old
browsers and bugs.

For my public web site https://www.telecom-tariffs.co.uk/ I use the following
settings:

SslDHParamFile := (myfile);  // placeholder for the DH parameters file name
SslVersionMethod := sslBestVer_SERVER;
SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3,
    sslOpt_CIPHER_SERVER_PREFERENCE,
    sslOpt_NO_SESSION_RESUMPTION_ON_RENEGOTIATION,
    sslOpt_NO_COMPRESSION, sslOpt_SINGLE_DH_USE];
SslECDHMethod := sslECDH_P256;
SslCipherList := SslCiphersMozillaSrvInter;

Those settings get me a test result of A at: 

https://www.ssllabs.com/ssltest/

Adding an extra HTTP header to each page gets my result up to A+:

CExtraHeaders := 'Strict-Transport-Security: max-age=31536000'+CRLF; 

This forces use of HTTPS by the browser. 

If you are using a client, I'd use the same SslOptions, but the server may have
different ideas; it really controls what happens.

Angus
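
An added example, not part of the original message or of the ICS code base: a small Python check that a response header block carries a usable Strict-Transport-Security header like the one set through CExtraHeaders above. The function names, the sample header block and the 180-day minimum are assumptions made for this illustration.

```python
import re

# RFC 7230 "token" characters, used for HSTS directive names
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Parse one Strict-Transport-Security field value into a dict keyed by
    lower-cased directive name. Returns None if a name is invalid or a
    directive repeats (RFC 6797 section 6.1: each may appear only once)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.match(name) or name in directives:
            return None
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="31536000"
        directives[name] = val if sep else None
    return directives

def check_hsts(raw_headers, min_age=15552000):
    """Return (ok, reason) for a raw CRLF-separated header block.
    min_age is an assumed policy threshold (180 days), not from the message."""
    values = []
    for line in raw_headers.split("\r\n"):
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(val.strip())
    if not values:
        return False, "header missing"
    # A browser processes only the first HSTS field (RFC 6797 section 8.1)
    d = parse_hsts(values[0])
    if d is None:
        return False, "malformed or duplicate directive"
    age = d.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return False, "max-age missing or not numeric"
    if int(age) == 0:
        return False, "max-age=0 tells the browser to drop the policy"
    if int(age) < min_age:
        return False, "max-age below threshold"
    return True, "ok (%d days)" % (int(age) // 86400)

# Constructed sample: the header string from the message above
SAMPLE = "Content-Type: text/html\r\nStrict-Transport-Security: max-age=31536000\r\n"
```

Browsers honour this header only when it arrives over HTTPS, so run the check against the HTTPS response rather than a plain HTTP one.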

