SSL Security Best Practices

SSL security makes access to the TAC server from the outside world more secure. SSL security best practices remove or disable weak SSL/TLS protocols and cipher suites to ensure TAC makes secure connections with endpoints. By default, TAC is hardened to achieve a top grade in an SSL scan. You can check the server's SSL status with the SSL Labs scan (https://www.ssllabs.com). This grading may change due to different app publishing and client connection compatibility.

IMPORTANT: 

  • Changing the SSL/TLS protocol stack without understanding the effect may cause unexpected server connectivity issues.
  • Some SSL/TLS protocol versions may be required to negotiate connectivity with old client workstations or browser endpoints. Therefore, make sure there are no compatibility issues between the server and client PCs/browsers before acting on the scan steps below.
  • A server reboot may be required for system modifications to take effect. Plan the changes accordingly.

Follow the best practices below to achieve a top grade for the server.

  1. From a client computer, open https://ssllabs.com in the browser.
  2. Enter the TAC site hostname in the hostname field and click Submit.


  3. Wait for the result to generate. This will show the site grading. If the site grade is A+, your server is fully up to date. If you get any result below A+, review the scan report and identify weak protocols, cipher suites or certificate information.
  4. Remove or disable weak protocols and cipher suites from the server. You may use Nartac's IIS Crypto (https://www.nartac.com/Products/IISCrypto) tool to disable weak cipher suites.

    Note: PortSys does not monitor third-party tool activity or software updates.

  5. Repeat the test and evaluate the SSL grading for the site.
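
Before and after step 4, the server's own settings can be compared with the scan report. The following read-only PowerShell check is an added example, not part of the PortSys documentation or the IIS Crypto tool. It assumes the TAC server runs Windows Server 2016 or later with Schannel and that it is run from an elevated prompt; the protocol list and the name pattern for weak cipher suites are choices made for this example.

```powershell
# Read-only audit of Schannel settings; this script changes nothing on the server.
# Assumption: the TAC server uses Windows Schannel, whose registry settings
# tools such as IIS Crypto modify.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Older protocol versions usually treated as weak (list chosen for this example).
$weakProtocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

$protocolReport = foreach ($name in $weakProtocols) {
    $key   = Join-Path $base "$name\Server"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    if ($null -eq $props -or $null -eq $props.Enabled) {
        # No explicit value: the operating system default decides.
        $state = 'Not configured (OS default applies)'
    } elseif ($props.Enabled -eq 0) {
        $state = 'Disabled'
    } else {
        $state = 'Enabled'
    }
    [pscustomobject]@{ Protocol = $name; ServerState = $state }
}
$protocolReport | Format-Table -AutoSize

# Enabled cipher suites whose names contain a weak algorithm
# (pattern chosen for this example; compare with the scan report).
$weakPattern = 'RC4|3DES|_DES_|NULL|EXPORT|MD5'
$weakSuites  = Get-TlsCipherSuite | Where-Object { $_.Name -match $weakPattern }

if ($weakSuites) {
    $weakSuites | Select-Object Name | Format-Table -AutoSize
} else {
    'No enabled cipher suite matches the weak-algorithm pattern.'
}
```

A protocol reported as "Not configured" follows the Windows default for that OS version, so confirm the effective result with the repeat scan in step 5.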