Recommend OCSP stapling

diff --git a/presentations/org-training/agenda.md b/presentations/org-training/agenda.md
index 526f39b..1c787eb 100644 (file)
--- a/presentations/org-training/agenda.md
+++ b/presentations/org-training/agenda.md
@@ -377,16 +377,17 @@ We still recommend perfect forward secrecy.
     * Disable SSL 2.0 (weak algorithms)
     * Disable SSL 3.0 (BEAST vs IE/XP)
     * [Disable RC4 cipher](https://www.ietf.org/rfc/rfc7465.txt) (RFC7465)
+    * Disable EXPORT suites (FREAK Attack)
     * Enable TLS 1.0 or better
     * Disable TLS-Compression (SSL-CRIME Attack)
     * Implement HSTS (HTTP Strict Transport Security)
+    * Implement OCSP stapling (Security and performance improvement)
   * Variant A: fewer supported clients
   * Variant B: more clients, weaker settings
 
   Attacks only get better.
 
 
-
 # Variant **A**
 
     EECDH+aRSA+AES256:EDH+aRSA+AES256:!SSLv3