> I've seen a list of SSL Options here:
> Are there recommended options that should be set? (I'm using the
> latest OpenSSL version 1.0.2a).

I don't think many of these Options matter now; many are historic, for old
browsers and bugs.

For my public web site https://www.telecom-tariffs.co.uk/ I use the following:

    SslDHParamFile := (myfile) ;
    SslVersionMethod := sslBestVer_SERVER ;
    // no SSLv2/SSLv3, no TLS compression, new DH key for each handshake
    SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3,
                   sslOpt_NO_COMPRESSION, sslOpt_SINGLE_DH_USE ] ;
    SslECDHMethod := sslECDH_P256 ;
    SslCipherList := SslCiphersMozillaSrvInter ;

Those settings get me a test result of A at:

Adding an extra HTTP header to each page gets my result up to A+:

    CExtraHeaders := 'Strict-Transport-Security: max-age=31536000'+CRLF;

This forces use of HTTPS by the browser.

If you are using a client, I'd use the same SslOptions, but the server may have
different ideas; it really controls what happens.
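
An added example, not part of the original post and not ICS code: a Python check that parses the Strict-Transport-Security header mentioned above by the RFC 6797 rules, so a malformed, duplicated or too-short policy is caught when testing a server's responses. The function names and the 180-day `min_age` threshold are assumptions of this example.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
DIRECTIVE = re.compile(r'(%s)(?:\s*=\s*(%s|"[^"]*"))?$' % (TOKEN, TOKEN))


def parse_hsts(value):
    """Return (max_age, include_subdomains); ValueError if a browser would
    ignore the header (RFC 6797). Quoted values containing ';' unsupported."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # trailing ';' is allowed
            continue
        m = DIRECTIVE.match(part)
        if not m:
            raise ValueError("malformed directive %r" % part)
        name, arg = m.group(1).lower(), m.group(2)
        if name in seen:                  # each directive at most once
            raise ValueError("duplicate directive %r" % name)
        seen[name] = arg.strip('"') if arg else arg
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        raise ValueError("max-age missing or not a non-negative integer")
    if seen.get("includesubdomains") is not None:
        raise ValueError("includeSubDomains takes no value")
    return int(age), "includesubdomains" in seen


def audit_hsts(headers, min_age=15552000):
    """headers: (name, value) pairs from an HTTPS response. min_age is an
    assumed threshold (180 days). Returns findings; [] means usable."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("header sent %d times; only the first is processed" % len(values))
    try:
        max_age, _ = parse_hsts(values[0])
    except ValueError as exc:
        return findings + ["header ignored by browsers: %s" % exc]
    if max_age == 0:
        findings.append("max-age=0 tells the browser to drop the policy")
    elif max_age < min_age:
        findings.append("max-age %d is below %d" % (max_age, min_age))
    return findings

# Header value taken from the post above
PAGE_HEADERS = [("Strict-Transport-Security", "max-age=31536000")]
```
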