Difference between revisions of "Apache 2.2.15 - OpenSSL 1.1.0"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. | Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. | ||
| − | + | <code> | |
| − | < | + | # generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0 |
| − | # generated 2019-09-09, | ||
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers | # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers | ||
| − | + | <VirtualHost *:80> | |
| − | + | RewriteEngine On | |
| − | + | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] | |
| − | + | </VirtualHost> | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | <VirtualHost *:443> | |
| + | SSLEngine on | ||
| + | SSLCertificateFile /path/to/signed_certificate | ||
| + | SSLCertificateChainFile /path/to/intermediate_certificate | ||
| + | SSLCertificateKeyFile /path/to/private_key | ||
| − | + | # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) | |
| + | Header always set Strict-Transport-Security "max-age=63072000" | ||
| + | </VirtualHost> | ||
| − | + | # intermediate configuration, tweak to your needs | |
| + | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2 | ||
| + | SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ||
| + | SSLHonorCipherOrder off | ||
| + | </code> | ||
Revision as of 11:19, 12 September 2019
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator.
- generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
- requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private_key
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>
- intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLHonorCipherOrder off
