Difference between revisions of "GC HTTPS Everywhere - Web Server Configurations"
Jump to navigation
Jump to search
(8 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
|- | |- | ||
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01] | ! style="background: #dddddd; color: black" width="250px" scope="col" |[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01] | ||
− | ! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Strategy | + | ! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Strategy Implementation Strategy] |
− | ! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance | + | ! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance Implementation Guidance] |
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Communication_Material Communication Material] | ! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Communication_Material Communication Material] | ||
|} | |} | ||
Line 30: | Line 30: | ||
|Windows Server 2008 R2/2012/2016 | |Windows Server 2008 R2/2012/2016 | ||
|N/A | |N/A | ||
− | | | + | |[[:en:Microsoft_IIS_8.5_-_WinServer|Cert Install]] & [https://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/ Cipher Order] |
|- | |- | ||
|nginx | |nginx | ||
|1.14.1 | |1.14.1 | ||
|1.1.0 | |1.1.0 | ||
− | |Click Here! | + | |[[:en:Nginx_1.14.1_-_OpenSSL_1.1.0|Click Here!]] |
|- | |- | ||
|AWS ELB | |AWS ELB | ||
|2014.2.19 | |2014.2.19 | ||
|1.1.1 | |1.1.1 | ||
− | |Click Here! | + | |[[:en:AWS_ELB_2014.2.19|Click Here!]] |
|- | |- | ||
|Apache | |Apache | ||
|2.4.35 | |2.4.35 | ||
|1.0.2g | |1.0.2g | ||
− | |Click Here! | + | |[[:en:Apache_2.4.35_-_OpenSSL_1.0.2g|Click Here!]] |
|- | |- | ||
|MySQL | |MySQL | ||
|8.0.16 | |8.0.16 | ||
|1.1.1 | |1.1.1 | ||
− | |Click Here! | + | |[[:en:MySQL_8.0.16_-_OpenSSL_1.1.1|Click Here!]] |
|- | |- | ||
|nginx | |nginx | ||
|1.17.0 | |1.17.0 | ||
|1.1.1 | |1.1.1 | ||
− | |Click Here! | + | |[[:en:Nginx_1.17.0_-_OpenSSL_1.1.1|Click Here!]] |
|- | |- | ||
|Apache | |Apache | ||
|2.4.39 | |2.4.39 | ||
|1.1.0k | |1.1.0k | ||
− | |Click Here! | + | |[[:en:Apache_2.4.39_-_OpenSSL_1.1.0k|Click Here!]] |
|- | |- | ||
|Caddy | |Caddy | ||
|0.11.5 | |0.11.5 | ||
|1.1.1 | |1.1.1 | ||
− | |Click Here! | + | |[[:en:Caddy_0.11.5_-_OpenSSL_1.1.1|Click Here!]] |
|- | |- | ||
|Caddy | |Caddy | ||
|1.0 | |1.0 | ||
|1.1.1 | |1.1.1 | ||
− | |Click Here! | + | |[[:en:Caddy_1.0_-_OpenSSL_1.1.1|Click Here!]] |
|- | |- | ||
|Haproxy | |Haproxy | ||
|1.9.8 | |1.9.8 | ||
|1.1.1 | |1.1.1 | ||
− | |Click Here! | + | |[[:en:Haproxy_1.9.8_-_OpenSSL_1.1.1|Click Here!]] |
+ | |- | ||
+ | |Traefik | ||
+ | |1.7.12 | ||
+ | |1.1.1c | ||
+ | |[[:en:Traefik_1.7.12_-_OpenSSL_1.1.1c|Click Here!]] | ||
|} | |} | ||
<br><br> | <br><br> | ||
Questions? Join the conversation on [https://message.gccollab.ca/channel/httpseverywhere-httpspartout GCmessage] (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at [mailto:ZZTBSCYBERS@tbs-sct.gc.ca ZZTBSCYBERS@tbs-sct.gc.ca] with any issues/concerns related to HTTPS implementation. | Questions? Join the conversation on [https://message.gccollab.ca/channel/httpseverywhere-httpspartout GCmessage] (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at [mailto:ZZTBSCYBERS@tbs-sct.gc.ca ZZTBSCYBERS@tbs-sct.gc.ca] with any issues/concerns related to HTTPS implementation. |
Latest revision as of 10:52, 18 November 2019
ITPIN 2018-01 | Implementation Strategy | Implementation Guidance | Communication Material |
---|
Below are links to example web server configurations for various different platforms and versions. Majority of these were created using the Mozilla SSL Configuration Generator. Configurations are listed in order of age for legacy to modern.
Platform | Version | OpenSSL Version | Link |
---|---|---|---|
Apache | 2.2.15 | 1.1.0 | Click Here! |
Lighttpd | 1.4.35 | 1.1.1 | Click Here! |
Microsoft IIS 8.5 | Windows Server 2008 R2/2012/2016 | N/A | Cert Install & Cipher Order |
nginx | 1.14.1 | 1.1.0 | Click Here! |
AWS ELB | 2014.2.19 | 1.1.1 | Click Here! |
Apache | 2.4.35 | 1.0.2g | Click Here! |
MySQL | 8.0.16 | 1.1.1 | Click Here! |
nginx | 1.17.0 | 1.1.1 | Click Here! |
Apache | 2.4.39 | 1.1.0k | Click Here! |
Caddy | 0.11.5 | 1.1.1 | Click Here! |
Caddy | 1.0 | 1.1.1 | Click Here! |
Haproxy | 1.9.8 | 1.1.1 | Click Here! |
Traefik | 1.7.12 | 1.1.1c | Click Here! |
Questions? Join the conversation on GCmessage (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at ZZTBSCYBERS@tbs-sct.gc.ca with any issues/concerns related to HTTPS implementation.