22/11: SSL Best Practices

Category: Best Practices
Posted by: bagheljas
  • SSL Cert Key: One should always renew SSL Cert with newly generated key. Don't order or renew SSL Cert for more than 2 year validity. Presently, recommended SSL Cert Key length is 2048. Never email or transfer SSL Cert Key over wire as clear text.
  • SSL Session Cache: SSL implementation is a CPU intensive step. SSL implementation with Session Cache helps you optimize the need and usage of CPU.
  • SSL Offload: L4 switches supporting SSL are highly optimized than Web App Servers for performance and operations management. Implement SSL Offload to L4 Switches.


Disclaimer

The views expressed in the blog are those of the author and do not represent necessarily the official policy or position of any other agency, organization, employer, or company. Assumptions made in the study are not reflective of the stand of any entity other than the author. Since we are critically-thinking human beings, these views are always subject to change, revision, and rethinking without notice. While reasonable efforts have been made to obtain accurate information, the author makes no warranty, expressed or implied, as to its accuracy.