A quick cheat sheet to picking the best ciphers

I’ve been working on deploying a new email service based around postfix and dovecot as the imap server (basically the standard services that come with RHEL, CentOS and Fedora) and one of the main things to focus on has been improving security where possible.

I happened to find a pretty useful web site for picking the most secure ciphers, which also gives handy pre-canned cipher lists for things like openssl.

OWASP – https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/TLS_Cipher_String_Cheat_Sheet.md

It also gives some handy example configs to use with Apache (httpd).

It has been useful for me, and I hope it will be for you too.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.