What do you mean by MASSL? Are you referring to the SSL scanner and the process to deploy the certificate authority? Or are you looking for something specific?
The master list of best practices can be found here:
There is a section dedicated to SSL scanner best practices.
Thank you for your email. I am looking at Mutually Authenticated-SSL option for client authentication (with a client certificate)