22/11: SSL Best Practices

Category: Best Practices
Posted by: bagheljas
  • SSL Cert Key: One should always renew SSL Cert with newly generated key. Don't order or renew SSL Cert for more than 2 year validity. Presently, recommended SSL Cert Key length is 2048. Never email or transfer SSL Cert Key over wire as clear text.
  • SSL Session Cache: SSL implementation is a CPU intensive step. SSL implementation with Session Cache helps you optimize the need and usage of CPU.
  • SSL Offload: L4 switches supporting SSL are highly optimized than Web App Servers for performance and operations management. Implement SSL Offload to L4 Switches.


The thoughts expressed in the blog are those of the author and do not represent necessarily the official policy or position of any other agency, organization, employer, or company. Assumptions made in the study are not reflective of the point of view(s) of any entity other than the author. Since we are critically thinking human beings, the point of view(s) is always subject to change, revision and rethinking at any time. While reasonable efforts have been made to obtain accurate information, the author makes no warranty, expressed or implied as to its accuracy.