Difference between revisions of "Apache 2.4.39 - OpenSSL 1.1.0k"

From wiki
Jump to navigation Jump to search
(Created page with "Below is a SSL configuration for the nginx web server version 1.17.0, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org...")
 
Line 1: Line 1:
Below is a SSL configuration for the nginx web server version 1.17.0, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator.]
+
Below is a SSL configuration for the nginx web server version 1.1, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator.]
 
<pre>
 
<pre>
 +
 
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k
 
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k
 
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 
<VirtualHost *:80>
 
<VirtualHost *:80>
     RewriteEngine On
+
      
 +
RewriteEngine On
 
     RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
 
     RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
 +
 
</VirtualHost>
 
</VirtualHost>
  
 
<VirtualHost *:443>
 
<VirtualHost *:443>
     SSLEngine on
+
      
 +
SSLEngine on
  
 
     # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
 
     # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
Line 20: Line 24:
 
     # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
 
     # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
 
     Header always set Strict-Transport-Security "max-age=63072000"
 
     Header always set Strict-Transport-Security "max-age=63072000"
 +
 
</VirtualHost>
 
</VirtualHost>
  

Revision as of 10:24, 24 September 2019

Below is a SSL configuration for the nginx web server version 1.1, using OpenSSL version 1.1.1. This configuration file was generated by the Mozilla SSL Configuration Generator.


# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
    
RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

</VirtualHost>

<VirtualHost *:443>
    
SSLEngine on

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateKeyFile   /path/to/private_key

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"

</VirtualHost>

# intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"