06

Perfect forward secrecy for your website

qr-code for this page's url

For a while now I had SSL and Speedy on this site. Having SSL isn't very hard. StartCom will give you a free certificate for your server (and also S/Mime email certificates for your email accounts) if you are willing to navigate and endure their terrible UI. There is an easy option of letting them create the key and certificate, but I encourage you do do the proper thing of creating your own key pair so that you know that only you have the private key. I found these instructions quite useful.

But setting things up so you don't just have SSL but have good and secure SSL settings is trickier. I found a good article which walks you through the steps to set options and ciphers so that the SSL checker will give you an A rating.