[SSL][NMAP] How strong is your certificate? Encryption of web | LinuxCheatSheet

[SSL][NMAP] How strong is your certificate?
Encryption of web communication has changed a lot, and while once it was an option (because it was CPU intensive), nowadays it is recommended to have it enable by default in your web site. To be effective, encryption must be configured properly.
But how to get out of acronym jungle out there? And how to check if your site is properly configured?
Let's start abandoning the word SSL in favor of TLS, that is Transport Layer Security. Then you can check the recommended cipher suites to use on mozilla website where you can find too example configurations for most common web servers and cloud providers. Usually the cipher choice is done balancing the security level you want to reach and the user base that will use your service (remember that not all people keep their software up to date and may have and old browser that does not support the latest cipher suite).
Then you want to check if your site is properly configured. There are some web services to do it, but why use some foreign service when you can simply use nmap on your computer? Try it with:
nmap -sV --script ssl-enum-ciphers -p 443 www.yoursite.com
It will take a while and it will return you a list of the currently configured ciphers and a vote (from A to F) of the strength of your site.

I hope you found this useful! Share the channel with your friends: http://t.me/linuxcheatsheet
Bye!
G.