"This article provides a simple model to follow when implementing
transport layer protection for an application. Although the concept of
SSL is known to many, the actual details and security specific
decisions of implementation are often poorly understood and frequently
result in insecure deployments. This article establishes clear rules
which provide guidance on securely designing and configuring transport
layer security for an application. This article is focused on the use
of SSL/TLS between a web application and a web browser, but that we
also encourage the use of SSL/TLS or other network encryption
technologies, such as VPN, on back end and other non-browser based
connections."
Link: http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
