Difference between revisions of "GC HTTPS Everywhere - Web Server Configurations"

From wiki
Jump to navigation Jump to search
(Created page with "1200px|top|left|link=GC_HTTPS_Everywhere|GC HTTPSEverywhere {| class="wikitable" style="align:center; border-top: #000000 2p...")
 
 
(22 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
|-
 
|-
 
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01]
 
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01]
! style="background: #dddddd; color: black" width="250px" scope="col" |[[../Strategy | Implementation Strategy]]
+
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Strategy Implementation Strategy]
! style="background: #dddddd; color: black" width="250px" scope="col" |[[../Implementation Guidance | Implementation Guidance]]
+
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance Implementation Guidance]
! style="background: #dddddd; color: black" width="250px" scope="col" |[[../Communication Material | Communication Material]]
+
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Communication_Material Communication Material]
 
|}
 
|}
 +
 +
Below are links to example web server configurations for various different platforms and versions. Majority of these were created using the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. Configurations are listed in order of age for legacy to modern.
 +
{| class="wikitable"
 +
|+Web Server Configurations
 +
!Platform
 +
!Version
 +
!OpenSSL Version
 +
!Link
 +
|-
 +
|Apache
 +
|2.2.15
 +
|1.1.0
 +
|[[:en:Apache_2.2.15_-_OpenSSL_1.1.0|Click Here!]]
 +
|-
 +
|Lighttpd
 +
|1.4.35
 +
|1.1.1
 +
|[[:en:Lighttpd_1.4.35_-_OpenSSL_1.1.1|Click Here!]]
 +
|-
 +
|Microsoft IIS 8.5
 +
|Windows Server 2008 R2/2012/2016
 +
|N/A
 +
|[[:en:Microsoft_IIS_8.5_-_WinServer|Cert Install]] & [https://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/ Cipher Order]
 +
|-
 +
|nginx
 +
|1.14.1
 +
|1.1.0
 +
|[[:en:Nginx_1.14.1_-_OpenSSL_1.1.0|Click Here!]]
 +
|-
 +
|AWS ELB
 +
|2014.2.19
 +
|1.1.1
 +
|[[:en:AWS_ELB_2014.2.19|Click Here!]]
 +
|-
 +
|Apache
 +
|2.4.35
 +
|1.0.2g
 +
|[[:en:Apache_2.4.35_-_OpenSSL_1.0.2g|Click Here!]]
 +
|-
 +
|MySQL
 +
|8.0.16
 +
|1.1.1
 +
|[[:en:MySQL_8.0.16_-_OpenSSL_1.1.1|Click Here!]]
 +
|-
 +
|nginx
 +
|1.17.0
 +
|1.1.1
 +
|[[:en:Nginx_1.17.0_-_OpenSSL_1.1.1|Click Here!]]
 +
|-
 +
|Apache
 +
|2.4.39
 +
|1.1.0k
 +
|[[:en:Apache_2.4.39_-_OpenSSL_1.1.0k|Click Here!]]
 +
|-
 +
|Caddy
 +
|0.11.5
 +
|1.1.1
 +
|[[:en:Caddy_0.11.5_-_OpenSSL_1.1.1|Click Here!]]
 +
|-
 +
|Caddy
 +
|1.0
 +
|1.1.1
 +
|[[:en:Caddy_1.0_-_OpenSSL_1.1.1|Click Here!]]
 +
|-
 +
|Haproxy
 +
|1.9.8
 +
|1.1.1
 +
|[[:en:Haproxy_1.9.8_-_OpenSSL_1.1.1|Click Here!]]
 +
|-
 +
|Traefik
 +
|1.7.12
 +
|1.1.1c
 +
|[[:en:Traefik_1.7.12_-_OpenSSL_1.1.1c|Click Here!]]
 +
|}
 +
 +
<br><br>
 +
Questions? Join the conversation on [https://message.gccollab.ca/channel/httpseverywhere-httpspartout GCmessage] (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at [mailto:ZZTBSCYBERS@tbs-sct.gc.ca ZZTBSCYBERS@tbs-sct.gc.ca] with any issues/concerns related to HTTPS implementation.

Latest revision as of 10:52, 18 November 2019

GC HTTPSEverywhere
ITPIN 2018-01 Implementation Strategy Implementation Guidance Communication Material

Below are links to example web server configurations for various different platforms and versions. Majority of these were created using the Mozilla SSL Configuration Generator. Configurations are listed in order of age for legacy to modern.

Web Server Configurations
Platform Version OpenSSL Version Link
Apache 2.2.15 1.1.0 Click Here!
Lighttpd 1.4.35 1.1.1 Click Here!
Microsoft IIS 8.5 Windows Server 2008 R2/2012/2016 N/A Cert Install & Cipher Order
nginx 1.14.1 1.1.0 Click Here!
AWS ELB 2014.2.19 1.1.1 Click Here!
Apache 2.4.35 1.0.2g Click Here!
MySQL 8.0.16 1.1.1 Click Here!
nginx 1.17.0 1.1.1 Click Here!
Apache 2.4.39 1.1.0k Click Here!
Caddy 0.11.5 1.1.1 Click Here!
Caddy 1.0 1.1.1 Click Here!
Haproxy 1.9.8 1.1.1 Click Here!
Traefik 1.7.12 1.1.1c Click Here!



Questions? Join the conversation on GCmessage (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at ZZTBSCYBERS@tbs-sct.gc.ca with any issues/concerns related to HTTPS implementation.