wiki

Changes

Apache 2.2.15 - OpenSSL 1.1.0 (view source)

Revision as of 10:45, 24 September 2019

88 bytes removed ,  10:45, 24 September 2019
m
Greggory.elton moved page Web Server Configuration - Apache 2.2.15 - OSSL 1.1.0 to Apache 2.2.15 - OpenSSL 1.1.0
Line 1: Line 1: −
{{DISPLAYTITLE:Apache2.2.15-OSSL1.1.0}}
+
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
 +
<pre>
 +
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
 +
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 +
<VirtualHost *:80>
 +
  RewriteEngine On
 +
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1[R=301,L]
 +
</VirtualHost>
 +
 
 +
<VirtualHost *:443>
 +
  SSLEngine on
 +
  SSLCertificateFile      /path/to/signed_certificate
 +
  SSLCertificateChainFile /path/to/intermediate_certificate
 +
  SSLCertificateKeyFile  /path/to/private_key
 +
 
 +
  # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
 +
  Header always set Strict-Transport-Security "max-age=63072000"
 +
</VirtualHost>
   −
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
+
# intermediate configuration, tweak to your needs
# generated 2019-09-09, <nowiki>https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0</nowiki>
+
SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
+
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256  
<VirtualHost *:80>
+
SSLHonorCipherOrder    off
    RewriteEngine On
+
</pre>
    RewriteRule ^(.*)$ <nowiki>https://%{HTTP_HOST}$1</nowiki> [R=301,L]
  −
</VirtualHost>
  −
<VirtualHost *:443>
  −
    SSLEngine on
  −
    SSLCertificateFile      /path/to/signed_certificate
  −
    SSLCertificateChainFile /path/to/intermediate_certificate
  −
    SSLCertificateKeyFile  /path/to/private_key
  −
    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
  −
    Header always set Strict-Transport-Security "max-age=63072000"
  −
</VirtualHost>
  −
# intermediate configuration, tweak to your needs
  −
SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
  −
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256  
  −
SSLHonorCipherOrder    off
 
Retrieved from "https://wiki.gccollab.ca/Special:MobileDiff/12287...12596"