Back to Documentation

Security

SSL/TLS Configuration

Advanced SSL/TLS settings for security-conscious sites. Configure cipher suites, HSTS, and more.

1Default Configuration

Berican Labs uses secure defaults:

TLS 1.2/1.3: Older versions disabled
Modern ciphers: ECDHE, AES-GCM preferred
HSTS: Enabled with 1-year max-age
OCSP Stapling: Enabled for faster validation

This configuration gets an A+ rating on SSL Labs.

2HSTS (HTTP Strict Transport Security)

HSTS tells browsers to always use HTTPS:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Configure HSTS in Site Settings > Security > HSTS:

Max Age: How long browsers remember (default: 1 year)
Include Subdomains: Apply to all subdomains
Preload: Submit to browser preload lists

3TLS Version

Configure minimum TLS version:

TLS 1.3 only: Maximum security, may break old clients
TLS 1.2+ (default): Good balance of security and compatibility

Go to Site Settings > Security > TLS to configure.

Note: TLS 1.0 and 1.1 are deprecated and cannot be enabled.

4Custom Certificates

Upload your own SSL certificate (Business+ plans):

Go to Site Settings > Security > SSL
Click "Upload Custom Certificate"
Paste certificate in PEM format
Paste private key
Add intermediate certificates if required

Useful for EV certificates or organizational requirements.

5Certificate Transparency

All certificates are logged to CT logs:

Certificates visible in public CT logs
Enables monitoring for mis-issued certificates
Required by Chrome and other browsers

Monitor your domain's certificates at crt.sh.

On this page

Default Configuration
HSTS (HTTP Strict Transport Security)
TLS Version
Custom Certificates
Certificate Transparency

Related