* General:
* Disable SSL 2.0 (weak algorithms)
* Disable SSL 3.0 (BEAST vs IE/XP)
- * Disable RC4 cipher (RFC)
+ * [Disable RC4 cipher](https://www.ietf.org/rfc/rfc7465.txt) (RFC7465)
* Enable TLS 1.0 or better
* Disable TLS-Compression (SSL-CRIME Attack)
* Implement HSTS (HTTP Strict Transport Security)
* Variant A: fewer supported clients
* Variant B: more clients, weaker settings
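Review bot: the changed RC4 line makes the whole instruction the link text and leaves only the bare number "(RFC7465)" as the rationale, while the neighbouring items give a reason in their parentheses (weak algorithms, BEAST, SSL-CRIME Attack). Consider keeping the item text plain and linking the citation instead, for example `* Disable RC4 cipher ([RFC 7465](https://www.ietf.org/rfc/rfc7465.txt), prohibits RC4 cipher suites)`, so the list stays consistent and the reader sees why RC4 is off without following the link.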
+ Attacks only get better.
+
# Variant **A**
# Tools: ssllabs.com
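Review bot: the added line "Attacks only get better." has no list marker and sits directly under "Variant B: more clients, weaker settings", so it is unclear whether it comments on Variant B's weaker settings or on the whole General list. Attach it to the item it is meant to qualify (for example as part of the Variant B bullet) or turn it into a full sentence that says what the reader should conclude from it.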
-
+
# Tools: sslllabs.com (2)
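Review bot: the heading "Tools: sslllabs.com (2)" next to the changed blank line spells the domain with three l's, while the earlier heading reads "Tools: ssllabs.com". Since this change already touches the surrounding whitespace, correct the spelling in the same edit so both headings name the same tool.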