This should be on the list of valuable tools as well. It's a site which has strong example configurations for Apache, nginx, Openssh and many many others.. It's a great reference site. It's updated as new vulnerabilities are released, and as new technologies become available too.
Careful about implementing it all though - as their warning says, unless you understand things like HSTS or HPKP, implementing them incorrectly could make your site unavailable for a very, VERY long time.
That said, it's an easy way to get an A+! If you disable everything but TLS1.2, you can get a perfect 100/100/100/100.
I love https://cipherli.st too - it's definitely worth reading their rationales - but the Mozilla Server Side TLS project the other poster and the article mentioned seems to have more contributors and be more frequently updated (it's also on github).
This should be on the list of valuable tools as well. It's a site which has strong example configurations for Apache, nginx, Openssh and many many others.. It's a great reference site. It's updated as new vulnerabilities are released, and as new technologies become available too.
Careful about implementing it all though - as their warning says, unless you understand things like HSTS or HPKP, implementing them incorrectly could make your site unavailable for a very, VERY long time.
That said, it's an easy way to get an A+! If you disable everything but TLS1.2, you can get a perfect 100/100/100/100.