How mature is your HTTPS implementation?

Although nowadays most of the websites are running in HTTPS, several parameters can improve the robustness and mitigate risks, especially for highly critical information. It aims to be didactic and point out the weaknesses on basis setup and improvements brought by HSTS, OCSP stapling, HPKP, Certificate Transparency, Forward Secrecy, DNS CAA,.. Different demos will be performed to explain the attacks, their risk and mitigations. The best practices and return of experience of their configuration on popular websites will be detailed to help sysadmin who wants to implement them. At the end, two pictures of the implementation of these parameters usage will be dress-up on most popular websites in Luxembourg (TLD .lu) in July 2017 and October 2017.