Protecting SSL/TLS private keys and certificates
26 Nov 2024

Article summary

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that secure communication between parties over a computer network by providing confidentiality, integrity and, through certificates, authentication of the endpoints. OneSpan Authentication Server uses SSL/TLS to secure the connections between its components and client applications.

Best practices: Protecting SSL/TLS private keys and certificates

This section lists best practices for selecting and protecting SSL/TLS private keys and certificates [1]:

  • Use strong private keys. Keys must be long enough to make brute-force and factoring attacks impractical. Current best practice is an RSA key of at least 2048 bits, or an elliptic-curve key of equivalent strength (for example ECDSA P-256). Shorter keys (1024-bit RSA and below) must not be used.
  • Generate private keys on trusted computers. Generate SSL/TLS keys only on a secured and trusted computer, preferably the host that will use them, so that the private key never has to be copied between systems. Send only the certificate signing request (CSR) to the certificate authority.
  • Protect private keys. Always protect private keys with strong passphrases (i.e. store them encrypted at rest) and with restrictive file permissions, so that a stolen key file alone is useless to an attacker. For a higher level of security, keep private keys in a hardware security module (HSM): the HSM performs the cryptographic operations itself, so the key material never leaves the device.
  • Renew/update certificates and keys regularly. Renew certificates and the key pairs behind them at least once a year, or more frequently if required by the security policy in place. Generate a fresh key pair at each renewal rather than re-certifying the old one; shorter key lifetimes limit the damage an undetected compromise can do.
  • Handle old and compromised keys. Implement a strict policy for old and compromised keys. The policy should include procedures for retiring, archiving, destroying and revoking such keys, and defined steps to follow when a key is suspected to be compromised: revoke the certificate, generate a new key pair and redeploy the new certificate.
  • Use only strong protocols. SSL/TLS is a family of protocol versions, several of which have been broken or deprecated: SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 must be disabled (TLS 1.0 and 1.1 were formally deprecated by RFC 8996). Use TLS v1.2 or later.
  • Use only strong cryptographic cipher suites. A cipher suite is a named combination of the key-exchange, authentication, encryption and integrity algorithms negotiated when a secured connection is established. OneSpan Authentication Server supports cipher suites grouped under different security level labels. Always use the highest security level applicable, and at least security level HIGH for OneSpan Authentication Server communicator modules. Whatever the label, exclude anonymous (aNULL), NULL-encryption, export-grade, RC4, 3DES and MD5-based suites, and prefer suites that provide forward secrecy (ECDHE or DHE key exchange).
[1] SSL Labs, "SSL and TLS Deployment Best Practices", https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices. Accessed May 2017.
