Difference between revisions of "Apache 2.4.35 - OpenSSL 1.0.2g"
(Created page with "Below is an SSL Configuration for an Apache webserver (version 2.4.35) and OpenSSL (version 1.0.2g). This configuration was made with the [https://ssl-config.mozilla.org/ Mozi...") |
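--- a/Apache 2.4.35 - OpenSSL 1.0.2g
+++ b/Apache 2.4.35 - OpenSSL 1.0.2g
@@ -1 +1,31 @@
 Below is an SSL Configuration for an Apache webserver (version 2.4.35) and OpenSSL (version 1.0.2g). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
+<pre>
+# generated 2019-09-10, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.35&config=intermediate&openssl-version=1.0.2g
+# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
+<VirtualHost *:80>
+RewriteEngine On
+RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+SSLEngine on
+
+# curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
+SSLCertificateFile /path/to/signed_cert_and_intermediate_certs_and_dhparams
+SSLCertificateKeyFile /path/to/private_key
+
+# enable HTTP/2, if available
+Protocols h2 http/1.1
+
+# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
+Header always set Strict-Transport-Security "max-age=63072000"
+</VirtualHost>
+
+# intermediate configuration, tweak to your needs
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder off
+
+SSLUseStapling On
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
+</pre>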
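Review bot: The `SSLCipherSuite` line lists `ECDHE-ECDSA-CHACHA20-POLY1305` and `ECDHE-RSA-CHACHA20-POLY1305`, but ChaCha20-Poly1305 support arrived in OpenSSL 1.1.0, so on the 1.0.2g build this page is written for those two names match nothing and are skipped. In the same way `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` comes down to TLS 1.2 only, because TLS 1.3 needs OpenSSL 1.1.1. I would add a comment above the cipher line so readers do not assume otherwise: `# on OpenSSL 1.0.2g the CHACHA20 suites are unavailable and only TLSv1.2 is negotiated; check with openssl ciphers -v`. The block also leaves session tickets at their default; the generator's later output adds `SSLSessionTickets off`, which is worth carrying over here.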
Latest revision as of 10:05, 24 September 2019
Below is an SSL Configuration for an Apache webserver (version 2.4.35) and OpenSSL (version 1.0.2g). This configuration was made with the Mozilla SSL Configuration Generator.
# generated 2019-09-10, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.35&config=intermediate&openssl-version=1.0.2g
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
# Plain-HTTP listener: its only job is to send every request to the HTTPS site.
<VirtualHost *:80>
RewriteEngine On
# %{HTTP_HOST} is copied from the request's Host header, so the redirect target
# is whatever name the client sent. NOTE(review): if this server answers for a
# fixed set of names, consider per-name vhosts (ServerName/ServerAlias) so that
# unknown Host values are not echoed back in the Location header.
# R=301 is a permanent redirect, which browsers cache; L ends rule processing.
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
# HTTPS listener: certificate, key, HTTP/2 and HSTS for the TLS site.
<VirtualHost *:443>
SSLEngine on
# Run the curl command below once only: ">>" appends, so a second run leaves
# two DH parameter blocks in the file. The appended ffdhe2048 group is what the
# DHE-RSA-* suites in SSLCipherSuite use for key exchange.
# curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
# Leaf certificate first, then the intermediate(s), then the DH parameters.
SSLCertificateFile /path/to/signed_cert_and_intermediate_certs_and_dhparams
# Keep the private key readable by root only (for example mode 0600); Apache
# reads it at start-up, before it drops privileges.
SSLCertificateKeyFile /path/to/private_key
# enable HTTP/2, if available
# NOTE(review): h2 is served by mod_http2, which the "requires" line at the top
# of this listing does not mention; confirm the module is loaded.
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
# 63072000 s is two years: browsers that have seen this header refuse plain HTTP
# for this host for that long, so enable it only once HTTPS works for every URL.
# includeSubDomains is not set, so the policy covers only the host that sent it.
Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>
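# intermediate configuration, tweak to your needs
# Server-wide TLS policy; these directives sit outside the <VirtualHost> blocks.
# On an OpenSSL 1.0.2g build the line below leaves TLSv1.2 as the only protocol
# in practice, because TLSv1.3 needs OpenSSL 1.1.1 or later.
# NOTE(review): the OpenSSL 1.0.2 series is no longer maintained upstream;
# plan an upgrade rather than treating this listing as a long-term baseline.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Every suite is AEAD with (EC)DHE key exchange, so all of them give forward
# secrecy. The two CHACHA20-POLY1305 names need OpenSSL 1.1.0 or later; a
# 1.0.2g build skips them. Check the effective list with:
#   openssl ciphers -v '<cipher string>'
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# The client's preference decides; acceptable because no weak suite is listed.
SSLHonorCipherOrder off
# Session ticket keys are created at start-up and kept until the next restart,
# which weakens forward secrecy on long-running servers, so tickets are turned
# off (directive available since Apache 2.4.11).
SSLSessionTickets off

# OCSP stapling: the server attaches the CA's signed revocation status to the
# handshake. SSLStaplingCache must be declared at server level, not inside a
# <VirtualHost>; the shmcb path is relative to ServerRoot and 32768 is the
# cache size in bytes.
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"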