TLS/SSL hardening¶

TLS protects data in transit from interception and modification. A misconfigured deployment can undermine that protection entirely: a deprecated protocol version, a weak cipher suite, or a missing certificate chain presents an exploitable surface despite the encryption label. The pages here cover protocol selection, certificate management, key exchange, known attack classes, and monitoring to detect drift.

Encrypted is not the same as correctly encrypted.

Protocol versions and cipher suites
Certificate management
Key exchange and forward secrecy
Known TLS vulnerabilities
Monitoring and validation
Mutual TLS
Post-quantum readiness