> I've seen a list of SSL Options here:
> Are there recommended options that should be set?  (I'm using the 
> latest Open SSL version 1.0.2a).

I don't think many of these Options matter now, many are historic for old
browsers and bugs.  

For my public web site https://www.telecom-tariffs.co.uk/ I use the following

SslDHParamFile := (myfile) 
SslVersionMethod := sslBestVer_SERVER ; 
SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3, 
SslECDHMethod := sslECDH_P256 ;
SslCipherList := SslCiphersMozillaSrvInter ;  

Those settings get me a test result of A at: 


Adding an extra HTTP header to each page gets my result up to A+:

CExtraHeaders := 'Strict-Transport-Security: max-age=31536000'+CRLF; 

This forces use of HTTPS by the browser. 

If you are using a client, I'd use the same SslOptions, but the server may have
different ideas, it really controls what happens. 


To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to