Apache 2.2.15 - OpenSSL 1.1.0

From wiki
Jump to navigation Jump to search

Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator. 

# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
  RewriteEngine On
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1[R=301,L]
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile      /path/to/signed_certificate
   SSLCertificateChainFile /path/to/intermediate_certificate
   SSLCertificateKeyFile   /path/to/private_key

   # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
   Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

# intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 
SSLHonorCipherOrder     off
Retrieved from "https://wiki.gccollab.ca/index.php?title=Apache_2.2.15_-_OpenSSL_1.1.0&oldid=12596"