Forward Secrecy
Ivan Ristic edited this page Aug 2, 2013 · 30 revisions
If you're new to Forward Secrecy, please read the following links first:
To deploy Forward Secrecy, both your web server and the underlying SSL/TLS library must support the necessary suites. For example:
- OpenSSL 1.0.1e
- Apache 2.4.x
- nginx 1.0.6+ and 1.1.0+
Assuming these requirements are satisfied, you can enable Forward Secrecy in two steps:
- Configure the web server to actively select suites
- Configure the OpenSSL suite string
$ openssl ciphers -V 'EECDH+AESGCM:EECDH+SHA256:EECDH+aRSA+SHA384:EECDH+RC4:EDH+aRSA:EECDH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP'
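
One way to check what a suite string actually expands to, added here as an example and not part of the original wiki page: the function below reads `openssl ciphers -v` or `-V` output and lists every suite whose key exchange is not ephemeral. The function names `non_fs_suites` and `sample_output` are hypothetical, and the sample lines are constructed in the format OpenSSL prints.

```shell
#!/bin/sh
# Added example: flag suites that do NOT provide forward secrecy, judged by
# the Kx= (key exchange) column of `openssl ciphers -v` / `-V` output.

# Reads cipher listing lines on stdin and prints the name of each suite whose
# key exchange is not ephemeral.
#   Kx=ECDH, Kx=DH : ephemeral (ECDHE / DHE), forward secret
#   Kx=any         : label newer OpenSSL builds use for TLS 1.3 suites
#   anything else  : static (Kx=RSA, Kx=ECDH/RSA, ...), reported
# Authentication (Au=) is not checked here; the suite string excludes aNULL.
non_fs_suites() {
    awk '
        NF == 0 { next }
        {
            # -V output starts with "0xNN,0xNN - NAME"; -v starts with NAME
            name = ($2 == "-") ? $3 : $1
            kx = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^Kx=/) kx = substr($i, 4)
            # drop a key-size suffix such as Kx=DH(512) on export suites
            sub(/\(.*$/, "", kx)
            if (kx != "ECDH" && kx != "DH" && kx != "any") print name
        }'
}

# Constructed sample listing (not captured from a real server): three
# forward-secret suites, one static RSA suite, one static ECDH suite in
# -V format.
sample_output() {
    cat <<'EOF'
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
          0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
EOF
}

# Demonstration on the constructed sample
sample_output | non_fs_suites
```

To check a real string, pipe `openssl ciphers -v '<suite string>'` into `non_fs_suites`; an empty result means every suite the local OpenSSL build expands it to uses an ephemeral key exchange.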