Difference between revisions of "GC HTTPS Everywhere/Implementation Guidance/Apache2.2.15-OSSL1.1.0"

From wiki
Jump to: navigation, search
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
{{DISPLAYTITLE:Apache2.2.15-OSSL1.1.0}}
 +
 
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
 
Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
 
+
  # generated 2019-09-09, <nowiki>https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0</nowiki>
  ''# generated 2019-09-09, <nowiki>https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0</nowiki>
+
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
 
+
<VirtualHost *:80>
  # requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
+
    RewriteEngine On
 
+
    RewriteRule ^(.*)$ <nowiki>https://%{HTTP_HOST}$1</nowiki> [R=301,L]
  <VirtualHost *:80>''
+
  </VirtualHost>
 
+
  <VirtualHost *:443>
    RewriteEngine On
+
    SSLEngine on
 
+
    SSLCertificateFile      /path/to/signed_certificate
    RewriteRule ^(.*)$ <nowiki>https://%{HTTP_HOST}$1</nowiki> '''[R=301,L]'''
+
    SSLCertificateChainFile /path/to/intermediate_certificate
 
+
    SSLCertificateKeyFile  /path/to/private_key
  '''</VirtualHost>'''
+
    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
 
+
    Header always set Strict-Transport-Security "max-age=63072000"
  '''<VirtualHost *:443>'''
+
  </VirtualHost>
 
+
  # intermediate configuration, tweak to your needs
    SSLEngine on
+
  SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
 
+
  SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256
    SSLCertificateFile      /path/to/signed_certificate
+
  SSLHonorCipherOrder    off
 
 
    SSLCertificateChainFile /path/to/intermediate_certificate
 
 
 
    SSLCertificateKeyFile   /path/to/private_key
 
 
 
    ''# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)''
 
 
 
    Header always set Strict-Transport-Security "max-age=63072000"
 
 
 
  '''</VirtualHost>'''
 
 
 
  ''# intermediate configuration, tweak to your needs''
 
 
 
  SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
 
 
 
  SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 
 
 
 
  SSLHonorCipherOrder     off
 

Revision as of 11:29, 12 September 2019


Below is an SSL Configuration for an Apache webserver (version 2.2.15) and OpenSSL (version 1.1.0). This configuration was made with the Mozilla SSL Configuration Generator.

# generated 2019-09-09, https://ssl-config.mozilla.org/#server=apache&server-version=2.2.15&config=intermediate&openssl-version=1.1.0
# requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private_key
    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>
# intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 –TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384: ECDHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE_RSA_WITH_AES_128_GCM_SHA256 
SSLHonorCipherOrder     off