This SSL configuration for nginx achieves an A on the SSL labs tool. It’s what this server currently uses.
SSL configuration on nginx
SSL security in HTTP::Tiny
I was asked to add SSL support to a client library, while also moving from home-grown manual HTTP code to a proper module. HTTP::Tiny was ideal because it is pure-Perl, a core module since 5.14 (so it’ll be maintained), and it’s just one .pm file, making it easy to ship.
An application server that supported SSL was provided for testing purposes, but the SSL certificate didn’t match the hostname – HTTP::Tiny correctly rejected connections. I needed to be able to control the settings sent to the underlying IO::Socket::SSL object used for the encrypted connection so I could turn off security features for testing. As I worked on that, David Golden offered invaluable feedback, which greatly improved the design of the features added to HTTP::Tiny.
As of 0.018, HTTP::Tiny is more configurable, and has a simple interface for easily making SSL connections more secure.