BetterCrypto⋅org

Applied Crypto Hardening

Contributing

We always welcome further allies who participate in any way, be it by finding mistakes, writing a new section or giving feedback on existing ones. You can contact us via the following channels:

If you don’t know LaTeX or git, or don’t want to deal with them, we can help you with formatting, typesetting or committing, or do it for you.

Practical Settings

The centerpiece of Applied Crypto Hardening is the »Practical Settings« chapter. Each section consists of subsections like the following:

  • Tested with Versions: A list of software stacks including versions (software itself, crypto libraries, operating system) the provided settings have been tested with
  • Settings: The main part of the section, containing all settings needed to provide secure network communication
  • Additional settings (optional): Additional settings regarding cryptography, but which are not necessary (like redirecting HTTP to HTTPS)
  • Additional information (optional): Information concerning cryptography that might be useful for admins of this software (like changes in the software in the near future)
  • Justification for special settings (optional): Incompatibilities or weird behaviors of the software that make special settings necessary
  • References: A list of references for justification and further information is very important
  • How to test: Tools or anything the readers can use to test if the configuration works as expected

We have a sample section in src/template.tex which you can use as a template.

Theory

In this section we want to give an overview of the current state of cryptography and its implementations in the server environment, keeping in mind that we are writing a paper with sysadmins as the audience.

We want to give an insight into how we arrived at the recommended cipher suites (security and compatibility issues, key length) and how we ordered them, as well as topics affecting sysadmins, like Random Number Generators (RNGs), Public Key Infrastructure (PKI) and notes on different cryptography techniques.

The scope of this paper

After several discussions we concluded that we will restrict ourselves (for now!) to commonly used server software, so our target audience is system administrators. We plan to create a paper for client software in the future, but we first want to get this one to a stable version.

Additionally, we only give recommendations on cryptography-related settings, not on securing systems in general. There are many other guides out there trying to provide the most secure setups and configurations.