Apache 2.2.15 - OpenSSL 1.1.0

From wiki
Revision as of 09:23, 24 September 2019 by Greggory.elton (talk | contribs)
Jump to navigation Jump to search

Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator.

  1. generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
  2. requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers

<VirtualHost *:80>

 RewriteEngine On
 RewriteRule ^(.*)$ https://%{HTTP_HOST}$1[R=301,L]

</VirtualHost>

<VirtualHost *:443>

  SSLEngine on
  SSLCertificateFile      /path/to/signed_certificate
  SSLCertificateChainFile /path/to/intermediate_certificate
  SSLCertificateKeyFile   /path/to/private_key
  # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
  Header always set Strict-Transport-Security "max-age=63072000"

</VirtualHost>

  1. intermediate configuration, tweak to your needs

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLHonorCipherOrder off