install/apache2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial Import

Browse Source
This commit is contained in:
Christoph
2017-02-19 12:33:53 +01:00
commit 44d65f34c3
20 changed files with 4655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
DOC/config_pfs_apache2.4.txt Normal file
View File

@ -0,0 +1,42 @@
<VirtualHost <ip-addresss>:443>
...
SSLEngine on
## - don't support weak ciphers
SSLHonorCipherOrder On
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSL_Cipher_Suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'
## - HTTP Strict Transport Security (HSTS)
## -
## - HSTS tells a browser that the website should only be accessed through
## - a secure connection. The HSTS header will be remembered by a standard
## - compliant browser for max-age seconds.
## -
## - An important point is that HSTS only works after the user has received the
## - header via HTTPS. So you will still need to have a redirect from your
## - HTTP-site to HTTPS, also for supporting browsers that still do not understand
## - HSTS.
## -
## - This is easily accomplished using Apaches mod_rewrite:
## -
## - <IfModule mod_rewrite.c>
## - RewriteEngine On
## - RewriteCond %{HTTPS} off
## - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
## - </IfModule>
## -
## - Thus, with a few lines of configuration, you can make the web a safer place to
## - be for your users. So, what are you waiting for?
## -
## - Remember this settings for 1/2 year
## -
Header add Strict-Transport-Security "max-age=15768000"
...
</VirtualHost>