Apache 2.2.15 - OpenSSL 1.1.0

Revision as of 09:23, 16 September 2019 by Greggory.elton (talk | contribs)

Below is an SSL configuration for an Apache web server (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator.

<code>
 # generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
 # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 <VirtualHost *:80>
     RewriteEngine On
     RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
 </VirtualHost>
 <VirtualHost *:443>
     SSLEngine on
     SSLCertificateFile      /path/to/signed_certificate
     SSLCertificateChainFile /path/to/intermediate_certificate
     SSLCertificateKeyFile   /path/to/private_key
     # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
     Header always set Strict-Transport-Security "max-age=63072000"
 </VirtualHost>
 # intermediate configuration, tweak to your needs
 # TLS 1.2 stays enabled: every cipher suite listed below is a TLS 1.2 suite
 SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 SSLHonorCipherOrder     off
</code>
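
Directives copied through a wiki or word processor can pick up typographic dashes, stray spaces, or cipher names that are not in OpenSSL's format, which mod_ssl then rejects or ignores. The following added example (not part of the generated configuration or of Mozilla's tooling) lints the `SSLProtocol` and `SSLCipherSuite` lines for those defects; the function name `lint_mod_ssl`, the sample text, and the rule that OpenSSL cipher-list names contain no underscores are assumptions of this example.

```python
import re

PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

# Constructed sample input: an en dash (U+2013) in place of "-", and a cipher
# list containing a space and an underscore-style (non-OpenSSL) suite name.
SAMPLE = (
    "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 \u2013TLSv1.2\n"
    "SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256: ECDHE_RSA_WITH_AES_128_GCM_SHA256\n"
    "SSLHonorCipherOrder off\n"
)

def lint_mod_ssl(config_text):
    """Return (line_number, message) findings for SSLProtocol/SSLCipherSuite."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        directive, args = parts[0].lower(), parts[1].strip()
        if directive == "sslprotocol":
            enabled = set()
            for tok in args.split():
                sign = tok[0] if tok[0] in "+-" else ""
                name = tok[len(sign):].lower()
                chosen = PROTOCOLS if name == "all" else {name} & PROTOCOLS
                if not chosen:
                    why = "unknown protocol" if tok.isascii() else "non-ASCII character"
                    findings.append((no, f"{why} in token {tok!r}"))
                elif sign == "-":
                    enabled -= chosen
                elif sign == "+":
                    enabled |= chosen
                else:
                    enabled = set(chosen)  # a bare token replaces the current set
            if "tlsv1.2" not in enabled:
                findings.append((no, "TLSv1.2 is not enabled"))
        elif directive == "sslciphersuite":
            if re.search(r"\s", args):
                findings.append((no, "whitespace splits the cipher list into several arguments"))
            for name in re.split(r"[:\s]+", args):
                if "_" in name:  # assumption: OpenSSL cipher-list names use hyphens only
                    findings.append((no, f"{name!r} is not an OpenSSL-style cipher name"))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_mod_ssl(SAMPLE):
        print(f"line {line_no}: {message}")
```

`apachectl configtest` remains the authoritative check before reloading the server.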