Difference between revisions of "Apache 2.2.15 - OpenSSL 1.1.0"

From wiki
Jump to navigation Jump to search
(Greggory.elton changed the content model of the page GC HTTPS Everywhere/Implementation Guidance/Apache2.2.15-OSSL1.1.0 from "CSS" to "wikitext": revert change)
Tag: content model change
Line 2: Line 2:
 
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
 
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
 
<pre>
 
<pre>
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
+
''# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
 
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 
<VirtualHost *:80>
 
<VirtualHost *:80>
Line 22: Line 22:
 
SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
 
SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
 
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256  
 
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256  
SSLHonorCipherOrder    off
+
SSLHonorCipherOrder    off''
 
</pre>
 
</pre>

Revision as of 11:36, 16 September 2019

Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator.

''# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
  RewriteEngine On
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1[R=301,L]
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile      /path/to/signed_certificate
   SSLCertificateChainFile /path/to/intermediate_certificate
   SSLCertificateKeyFile   /path/to/private_key

   # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
   Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

# intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 
SSLHonorCipherOrder     off''