Difference between revisions of "GC HTTPS Everywhere - Web Server Configurations"

From wiki
Jump to navigation Jump to search
 
(6 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
|-
 
|-
 
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01]
 
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html ITPIN 2018-01]
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Strategy| Implementation Strategy]
+
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Strategy Implementation Strategy]
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance| Implementation Guidance]
+
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance Implementation Guidance]
 
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Communication_Material Communication Material]
 
! style="background: #dddddd; color: black" width="250px" scope="col" |[https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Communication_Material Communication Material]
 
|}
 
|}
Line 30: Line 30:
 
|Windows Server 2008 R2/2012/2016
 
|Windows Server 2008 R2/2012/2016
 
|N/A
 
|N/A
|[[:en:Microsoft_IIS_8.5_-_WinServer|Click Here!]]
+
|[[:en:Microsoft_IIS_8.5_-_WinServer|Cert Install]] & [https://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/ Cipher Order]
 
|-
 
|-
 
|nginx
 
|nginx
Line 50: Line 50:
 
|8.0.16
 
|8.0.16
 
|1.1.1
 
|1.1.1
|Click Here!
+
|[[:en:MySQL_8.0.16_-_OpenSSL_1.1.1|Click Here!]]
 
|-
 
|-
 
|nginx
 
|nginx
 
|1.17.0
 
|1.17.0
 
|1.1.1
 
|1.1.1
|Click Here!
+
|[[:en:Nginx_1.17.0_-_OpenSSL_1.1.1|Click Here!]]
 
|-
 
|-
 
|Apache
 
|Apache
 
|2.4.39
 
|2.4.39
 
|1.1.0k
 
|1.1.0k
|Click Here!
+
|[[:en:Apache_2.4.39_-_OpenSSL_1.1.0k|Click Here!]]
 
|-
 
|-
 
|Caddy
 
|Caddy
 
|0.11.5
 
|0.11.5
 
|1.1.1
 
|1.1.1
|Click Here!
+
|[[:en:Caddy_0.11.5_-_OpenSSL_1.1.1|Click Here!]]
 
|-
 
|-
 
|Caddy
 
|Caddy
 
|1.0
 
|1.0
 
|1.1.1
 
|1.1.1
|Click Here!
+
|[[:en:Caddy_1.0_-_OpenSSL_1.1.1|Click Here!]]
 
|-
 
|-
 
|Haproxy
 
|Haproxy
 
|1.9.8
 
|1.9.8
 
|1.1.1
 
|1.1.1
|Click Here!
+
|[[:en:Haproxy_1.9.8_-_OpenSSL_1.1.1|Click Here!]]
 
|-
 
|-
 
|Traefik
 
|Traefik
 
|1.7.12
 
|1.7.12
 
|1.1.1c
 
|1.1.1c
|Click Here!
+
|[[:en:Traefik_1.7.12_-_OpenSSL_1.1.1c|Click Here!]]
 
|}
 
|}
  
 
<br><br>
 
<br><br>
 
Questions? Join the conversation on [https://message.gccollab.ca/channel/httpseverywhere-httpspartout GCmessage] (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at [mailto:ZZTBSCYBERS@tbs-sct.gc.ca ZZTBSCYBERS@tbs-sct.gc.ca] with any issues/concerns related to HTTPS implementation.
 
Questions? Join the conversation on [https://message.gccollab.ca/channel/httpseverywhere-httpspartout GCmessage] (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at [mailto:ZZTBSCYBERS@tbs-sct.gc.ca ZZTBSCYBERS@tbs-sct.gc.ca] with any issues/concerns related to HTTPS implementation.

Latest revision as of 11:52, 18 November 2019

GC HTTPSEverywhere
ITPIN 2018-01 Implementation Strategy Implementation Guidance Communication Material

Below are links to example web server configurations for various different platforms and versions. Majority of these were created using the Mozilla SSL Configuration Generator. Configurations are listed in order of age for legacy to modern.

Web Server Configurations
Platform Version OpenSSL Version Link
Apache 2.2.15 1.1.0 Click Here!
Lighttpd 1.4.35 1.1.1 Click Here!
Microsoft IIS 8.5 Windows Server 2008 R2/2012/2016 N/A Cert Install & Cipher Order
nginx 1.14.1 1.1.0 Click Here!
AWS ELB 2014.2.19 1.1.1 Click Here!
Apache 2.4.35 1.0.2g Click Here!
MySQL 8.0.16 1.1.1 Click Here!
nginx 1.17.0 1.1.1 Click Here!
Apache 2.4.39 1.1.0k Click Here!
Caddy 0.11.5 1.1.1 Click Here!
Caddy 1.0 1.1.1 Click Here!
Haproxy 1.9.8 1.1.1 Click Here!
Traefik 1.7.12 1.1.1c Click Here!



Questions? Join the conversation on GCmessage (#HTTPSEverywhere-HTTPSpartout) or contact TBS Cyber Security at ZZTBSCYBERS@tbs-sct.gc.ca with any issues/concerns related to HTTPS implementation.

Retrieved from "https://wiki.gccollab.ca/index.php?title=GC_HTTPS_Everywhere_-_Web_Server_Configurations&oldid=13857"