Hi For anyone interested, I wrote a paper for BSD magazine on TLS hardening. It first introduces the TLS protocol for the administrator and the developper, then look at how to harden an Apache setup, including protections against various TLS attacks such as BEAST, CRIME or Heartbleed. In the third part, the acquired know-how is reused for TLS hardening of other protocols and services, such as dovecot, sendmail or OpenVPN.
The paper was published in june 2014 issue of BSD magazine: http://bsdmag.org/711/ They have an annoying mandatory newletter subscription before download, hence you may prefer the standalone paper in open-access: http://arxiv.org/abs/1407.2168 -- Emmanuel Dreyfus m...@netbsd.org
