Transport Layer Security(TLS), is a commonly used security protocol designed to facilitate secure communications over the internet. A typical use case of TLS is encrypting the communication between web applications and servers so the communication between your favourite browser and your favourite website online.
Key Security Considerations:
Only support strong protocols.
The handshake protocol is an area for consideration when looking at a TLS connection. The handshake protocol is responsible for selecting a cipher spec and generating a master secret, which together comprises the primary cryptographic parameters associated with a secure session. TLS includes substantial improvements over SSL, attackers may try to make TLS-capable clients and servers fall back to weaker protocols.
Only support strong ciphers
TLS and its implementations provide considerable flexibility in which cipher suites can be used. The flexibility does come at a cost as some available cipher suites are insecure, some do not provide the targeted security services, and some no longer provide enough security hence server configuration becomes key.
Use strong deffie-hellman parameters and limit re-use
At times certain configurations reuse Diffie-Hellman and Elliptic Curve Diffie-Hellman exponents across multiple connections this reuse can result in security issues. Where exponents are reused for too long for instance more than a few hours, an attacker who gains access to the host can decrypt previous connections. Simply put exponent reuse negates the effects of forward secrecy.
Disable compression
To limit the type of attacks again TLS is advisable to disable TLS-level compression, unless the application protocol in question has been shown not to be open to such attacks.
Use upto date libraries
it is vital to ensure that libraries used in TLS are kept up to date and have the latest security patches.