Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: SSL certificates
10 points by bobwaycott on June 15, 2015 | hide | past | favorite | 17 comments
Hi all.

There has, over the last year or so, been quite a number of interesting crypto-related news coverage related to not inconsequential vulnerabilities and issues. In briefest terms, I'd like to get an idea of what the current best practices/recommendations are regarding deploying applications/services that will operate over HTTPS. For starters--though I'd love to hear beyond where applicable--if someone is launching a new product wanting to be as up-to-date on best security practices in this regard, a few questions:

1. What is the current recommendation for SSL certificates regarding strength, cipher types, etc.? Do wildcard certs have special needs worth being mindful of that non-wildcard certs do not?

2. Any recommendations on reputable, reliable, and trustworthy vendors for securing a new SSL certificate that meets current best-practice expectations?

3. Aside from ensuring a server is up-to-date with all security-related releases/patches, what else should one be mindful of in setting up and deploying a product/service that needs to be secure?

Thanks in advance to all.



1) Strength - always at least 2048 bits, 4096 if speed isn't as critical as security. For your CSR make sure you use SHA256 for signing (http://itigloo.com/security/generate-an-openssl-certificate-...) As for ciphers, depends on the tradeoff you need for compatibility vs. security; I would consult Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS They also have a handy config generator, depending on what server you're going to use: https://mozilla.github.io/server-side-tls/ssl-config-generat...

2) For lowest cost and no bullshit, I'd go with CertSimple (https://certsimple.com), or DigiCert (https://digicert.com).

3) As mentioned below, SSLLabs will point out if any of your config is risky. Besides that, you might want to add a 301 URL redirect to your web server to force people to only use SSL and avoid the fatal mistake of someone forgetting to type http_s_.

Have fun!


I don't think it matters whether you use SHA1 or SHA256 on your CSR - a CA can issue you a SHA256 certificate regardless. Better to use SHA256 on the CSR, of course, but not worth worrying about.


   Besides that, you might want to add a 301 URL redirect to 
  your web server to force people to only use SSL and avoid 
  the fatal mistake of someone forgetting to type http_s
Is there any other way to do this. If a user makes a non SSL request to my server they have potentially already leaked information in that request, especially if it is a post. Cookies etc are all exposed.

Is there a best practice to prevent users making this first incorrect request in the first place?


Using HSTS and browsers pre-loaded list of sites that are HTTPS-only prevents leakage: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Also cookies also have a 'secure' flag.


> Besides that, you might want to add a 301 URL redirect to your web server to force people to only use SSL and avoid the fatal mistake of someone forgetting to type http_s_.

Is there any advantage of this over doing it at a DNS level?


CertSimple and DigiCert seem to be a bit pricey for simple DV (Domain Verification) certificates, any other options in that area?


thanks for a great reply on all points.


I deploy a couple of new projects every month and I've gotten into a habit of HTTPS full time everywhere on all projects.

From my experience using SSL Lab's web-based test[1] on all of them, the issue is less with the cert vendor and more with the server configuration. All the vendors I have used recently will use a 2048 bit RSA key which will grade as A just fine on SSL Labs. But it's pretty easy to get lower grades by not having an up-to-date server which restricts broken ciphers like TLS 1.0 and SSL. Or by having broken certificate chains.

My favorite vendor is DNSimple because of their extremely easy process for generation, but they are just reselling Comodo certificates.

1. https://www.ssllabs.com/ssltest/


thanks for your thoughts and pointing to the ssllabs test. much appreciated.


Mozilla has a great article posted up about this here: https://wiki.mozilla.org/Security/Server_Side_TLS


thanks for the link to this article.


Use 2048 bits, not 4096. I'm kind of paranoid and always try to use the highest recommendations, HSTS, all-SSL, etc. But in terms of SSL connection setups / second, your CPU will be the bottleneck, and having 4096 bits will limit you to about 1/4 of the connection setups / second that 2048 could have handled. So if the site has low traffic and a enough CPU resources, it could be ok, but if you ever need to handle a lot of connections: use 2048 bits! (I learned the hard way ;)


that's a great observation. thanks for the recommendation.


To answer question #1, a lot of people use the SSL Server test: https://www.ssllabs.com/ssltest/analyze.html. It's one way to analyze if your certificates and SSL/TLS settings are configured correctly. The results are arguable - getting an "A" does not guarantee safety - but getting an "F" can show that more work needs to be done.


thanks a bunch for the reply.


1: https://github.com/cloudflare/sslconfig


thanks for this. always helpful to see what bigger entities are using with their nginx setups.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: