Validate and monitor
Configuring TLS, especially for use on web sites, has become increasingly complex in recent years. There are so many options to choose from that you’re virtually guaranteed to get something wrong when you first try. Moreover, things change and break, sometimes accidentally, sometimes through software upgrades. For that reason, we recommend that you find a reliable configuration monitoring tool that you can trust. Use it periodically and continuously to ensure that you stay secure.
Modern browsers support user agent reporting, which can give you real-time insight into problems that your users are experiencing. Content Security Policy (CSP) is one such technology that supports reporting, and it even has a report-only mode (no policy enforcement) for testing purposes. A more recent technology, called Network Error Logging (NEL), provides reporting for a wider range of network problems, including TLS and PKI.
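The following is an added example, not part of the original article: it shows the response headers that enable NEL and CSP report-only reporting, and a triage function that pulls TLS/PKI failures and report-only CSP violations out of a batch of browser reports. The endpoint `reports.example.com`, the group name `default`, and the sample batch are assumptions constructed for illustration; field names follow the W3C Reporting API and NEL drafts.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Response headers that turn reporting on (endpoint URL is a placeholder).
REPORTING_HEADERS = {
    "Report-To": '{"group":"default","max_age":2592000,'
                 '"endpoints":[{"url":"https://reports.example.com/ingest"}]}',
    "NEL": '{"report_to":"default","max_age":2592000,"failure_fraction":1.0}',
    "Content-Security-Policy-Report-Only": "default-src 'self'; report-to default",
}

def triage(batch_json):
    """Summarise one application/reports+json batch posted by a browser."""
    tls_failures = Counter()     # (host, NEL error type) -> count
    csp_report_only = Counter()  # effective directive -> count
    for report in json.loads(batch_json):
        body = report.get("body") or {}
        kind = report.get("type")
        if kind == "network-error":
            err = str(body.get("type", ""))
            # NEL groups certificate and handshake failures under "tls."
            if err.startswith("tls."):
                host = urlsplit(report.get("url", "")).hostname or "?"
                tls_failures[(host, err)] += 1
        elif kind == "csp-violation" and body.get("disposition") == "report":
            csp_report_only[body.get("effectiveDirective", "?")] += 1
    return tls_failures, csp_report_only

# Constructed sample batch (not real traffic).
SAMPLE = json.dumps([
    {"type": "network-error", "age": 12, "url": "https://www.example.com/",
     "body": {"phase": "connection", "type": "tls.cert.date_invalid"}},
    {"type": "network-error", "age": 40, "url": "https://www.example.com/login",
     "body": {"phase": "connection", "type": "tls.cert.date_invalid"}},
    {"type": "network-error", "age": 5, "url": "https://api.example.com/v1",
     "body": {"phase": "dns", "type": "dns.name_not_resolved"}},
    {"type": "csp-violation", "age": 3, "url": "https://www.example.com/",
     "body": {"effectiveDirective": "script-src-elem", "disposition": "report",
              "blockedURL": "https://cdn.example.net/a.js"}},
])

if __name__ == "__main__":
    tls, csp = triage(SAMPLE)
    for (host, err), n in tls.most_common():
        print(f"TLS/PKI  {host}  {err}  x{n}")
    for directive, n in csp.most_common():
        print(f"CSP report-only  {directive}  x{n}")
```

A rising count for a `tls.cert.*` type on one host is the signal to check that host's certificate chain and expiry before more users are affected.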
Ivan Ristić writes computer security books and builds security products. His book “Bulletproof TLS and PKI”, the result of more than a decade of research and study, is widely recognized as the de facto SSL/TLS and PKI reference manual. Ivan founded Hardenize - now part of Red Sift - as a platform for continuous security monitoring that helps organizations and individuals worldwide make the best of available network and security standards.