Difference between revisions of "Apache 2.2.15 - OpenSSL 1.1.0"
Jump to navigation
Jump to search
(Created page with "Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozil...") |
m (Greggory.elton moved page Web Server Configuration - Apache 2.2.15 - OSSL 1.1.0 to Apache 2.2.15 - OpenSSL 1.1.0) |
||
(39 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. | Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. | ||
+ | <pre> | ||
+ | # generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0 | ||
+ | # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers | ||
+ | <VirtualHost *:80> | ||
+ | RewriteEngine On | ||
+ | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1[R=301,L] | ||
+ | </VirtualHost> | ||
− | + | <VirtualHost *:443> | |
+ | SSLEngine on | ||
+ | SSLCertificateFile /path/to/signed_certificate | ||
+ | SSLCertificateChainFile /path/to/intermediate_certificate | ||
+ | SSLCertificateKeyFile /path/to/private_key | ||
− | + | # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) | |
+ | Header always set Strict-Transport-Security "max-age=63072000" | ||
+ | </VirtualHost> | ||
− | + | # intermediate configuration, tweak to your needs | |
− | + | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2 | |
− | + | SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
− | + | SSLHonorCipherOrder off | |
− | + | </pre> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Latest revision as of 10:45, 24 September 2019
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator.
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0 # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers <VirtualHost *:80> RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1[R=301,L] </VirtualHost> <VirtualHost *:443> SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private_key # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) Header always set Strict-Transport-Security "max-age=63072000" </VirtualHost> # intermediate configuration, tweak to your needs SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLHonorCipherOrder off