by theandrewbailey
3834 days ago
Re: Point 1

You really only need two ciphers to get to most browsers/clients and good security and speed (replace RSA with ECDSA if needed):

    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Example: https://www.ssllabs.com/ssltest/analyze.html?d=theandrewbail...

It baffles me that Mozilla recommends 20 ciphers for their highest security level. I think high security should be more exclusive than that, and with forward secrecy only.

Point 5: How I imported Let's Encrypt's certificates into a Java keystore:

    openssl pkcs12 -export -name yourdomain -in fullchain.pem -inkey privkey.pem -out pubchainpriv.p12
    keytool -importkeystore -srcstoretype pkcs12 -srckeystore pubchainpriv.p12 -alias yourdomain -destkeystore /path/to/keystore.jks
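
Added example, not part of the original comment: restricting a Python server-side SSLContext to the two suites listed under Point 1 and auditing what actually ends up enabled. The OpenSSL spellings of the suite names and the function names are this example's own; TLS 1.3 suites are reported separately because set_ciphers() does not control them.

```python
import ssl

# IANA names from the comment mapped to the OpenSSL names set_ciphers() expects.
SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
}


def build_context():
    """Server context limited to the two suites, GCM preferred over CBC."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(":".join(SUITES.values()))
    # Make the server's order win, so GCM is chosen when the client offers both.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def audit(ctx):
    """Split enabled suite names into (TLS 1.2 and below, TLS 1.3)."""
    legacy, tls13 = [], []
    for c in ctx.get_ciphers():
        (tls13 if c["protocol"] == "TLSv1.3" else legacy).append(c["name"])
    return legacy, tls13


def lacks_forward_secrecy(names):
    """Pre-TLS 1.3 suites whose key exchange is not ephemeral (EC)DH."""
    return [n for n in names if not n.startswith(("ECDHE-", "DHE-"))]


if __name__ == "__main__":
    legacy, tls13 = audit(build_context())
    print("TLS <= 1.2 suites:", legacy)
    print("TLS 1.3 suites (not governed by set_ciphers):", tls13)
    print("Without forward secrecy:", lacks_forward_secrecy(legacy))
```
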