Private Key and Certificate (things to watch for when protecting private keys)
a.Use 2048-Bit Private Keys
b.Protect Private Keys
c.Obtain Certificates from a Reliable CA
e.Use Strong Certificate Signature Algorithms
Configuration (OpenSSL configuration file)
a.Use Complete Certificate Chains
b.Use Secure Protocols
c.Use Secure Cipher Suites
e.Select Best Cipher Suites
f.Use Strong Key Exchange
g.Mitigate Known Problems
Performance
a.Avoid Too Much Security
b.Use Session Resumption
c.Use WAN Optimization and HTTP/2
d.Cache Public Content
e.Use OCSP Stapling
f.Use Fast Cryptographic Primitives
HTTP and Application Security
a.Encrypt Everything
b.Eliminate Mixed Content
c.Understand and Acknowledge Third-Party Trust
d.Secure Cookies
e.Secure HTTP Compression
f.Deploy HTTP Strict Transport Security
g.Deploy Content Security Policy
Validation
Advanced Topics