Difference between revisions of "Apache 2.4.39 - OpenSSL 1.1.0k"
Jump to navigation
Jump to search
(Created page with "Below is a SSL configuration for the nginx web server version 1.17.0, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org...") |
|||
| Line 1: | Line 1: | ||
| − | Below is a SSL configuration for the nginx web server version 1. | + | Below is a SSL configuration for the nginx web server version 1.1, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator.] |
<pre> | <pre> | ||
| + | |||
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k | # generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k | ||
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers | # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers | ||
<VirtualHost *:80> | <VirtualHost *:80> | ||
| − | RewriteEngine On | + | |
| + | RewriteEngine On | ||
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] | ||
| + | |||
</VirtualHost> | </VirtualHost> | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||
| − | SSLEngine on | + | |
| + | SSLEngine on | ||
# curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams | # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams | ||
| Line 20: | Line 24: | ||
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) | # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) | ||
Header always set Strict-Transport-Security "max-age=63072000" | Header always set Strict-Transport-Security "max-age=63072000" | ||
| + | |||
</VirtualHost> | </VirtualHost> | ||
Revision as of 11:24, 24 September 2019
Below is a SSL configuration for the nginx web server version 1.1, using OpenSSL version 1.1.1. This configuration file was generated by the Mozilla SSL Configuration Generator.
# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers <VirtualHost *:80> RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] </VirtualHost> <VirtualHost *:443> SSLEngine on # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams SSLCertificateFile /path/to/signed_cert_and_intermediate_certs_and_dhparams SSLCertificateKeyFile /path/to/private_key # enable HTTP/2, if available Protocols h2 http/1.1 # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) Header always set Strict-Transport-Security "max-age=63072000" </VirtualHost> # intermediate configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLHonorCipherOrder off SSLSessionTickets off SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
