EFF's Updated SSL Configuration | Electronic Frontier Foundation
Jared Sperli stashed this in security
EFF recently updated our SSL certificate and configuration. This gave us an A+ rating on SSL Labs, a great jumping off point for reviewing a site's secure connection. What follows is a quick, technical guide to how we achieved this.
Generating a CertificateFirst we generate an 4096-bit RSA private key with a strong passphrase. It's useful to have a "locked" version of the key for secure archival. The passphrase is stored separately in a KeePassX database.