Apache 2.4.39 - OpenSSL 1.1.0k


Below is an SSL configuration for the Apache web server version 2.4.39 using OpenSSL version 1.1.0k. This configuration file was generated by the Mozilla SSL Configuration Generator.



# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.1.0k
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
    # Plain-HTTP listener: it serves no content of its own and answers every
    # request with a permanent (301) redirect to the same path over HTTPS.
    # Requires mod_rewrite.
    RewriteEngine On

    # The redirect target is built from the Host header sent by the client.
    # NOTE(review): if this server should only answer for known names,
    # consider redirecting to a fixed host name instead of %{HTTP_HOST}.
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    # TLS listener for the site (requires mod_ssl).
    SSLEngine on

    # The certificate file holds the signed certificate, the intermediate
    # certificates and, appended at the end, the DH parameters used for DHE
    # key exchange. The command below appends Mozilla's ffdhe2048 group:
    # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs_and_dhparams

    # The private key must not be world-readable; restrict it to the account
    # that starts Apache.
    SSLCertificateKeyFile   /path/to/private_key

    # enable HTTP/2, if available; HTTP/1.1 stays as the fallback
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required).
    # max-age is 63072000 seconds (two years): browsers that have seen this
    # header refuse plain HTTP for this host for that long, so confirm HTTPS
    # works for the whole site before deploying it.
    Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

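# intermediate configuration, tweak to your needs
# These directives sit outside any <VirtualHost>, so they act as server-wide
# settings.

# Protocols: SSLv3, TLS 1.0 and TLS 1.1 are switched off. OpenSSL 1.1.0 has no
# TLS 1.3 support, so TLS 1.2 is the only protocol left and must stay enabled;
# do not add -TLSv1.2 here. Protocol names take a plain ASCII '-' or '+'
# prefix; a typographic dash is not accepted as a protocol token.
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1

# Cipher suites: one colon-separated list of OpenSSL cipher names, with no
# spaces and no trailing colon (a space would split the value into a second
# argument). Use the OpenSSL spelling (ECDHE-RSA-AES256-GCM-SHA384), not the
# underscore-style names. Every suite listed is an AEAD suite with
# ECDHE or DHE key exchange.
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

# The client's cipher preference is used; the server does not impose its own
# order on the list above.
SSLHonorCipherOrder     off

# TLS session tickets are disabled, so sessions are not resumed from
# ticket keys held by the server.
SSLSessionTickets       off

# OCSP stapling: the server attaches the certificate's OCSP response to the
# handshake. Responses are cached in a 32768-byte shared-memory cache
# (mod_socache_shmcb is required).
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"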