From 914c901855147246fca0fd345dbad531da5a6a31 Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 16 Sep 2021 23:11:55 +0200 Subject: [PATCH] config_pfs_apache2.4.txt: channge 'SSLCipherSuite'. --- DOC/config_pfs_apache2.4.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/DOC/config_pfs_apache2.4.txt b/DOC/config_pfs_apache2.4.txt index 67cebd6..3280b35 100644 --- a/DOC/config_pfs_apache2.4.txt +++ b/DOC/config_pfs_apache2.4.txt @@ -7,8 +7,10 @@ ## - don't support weak ciphers SSLHonorCipherOrder On SSLCompression Off - SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1 - SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES + #SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1 + SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1 + #SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CC:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ## - HTTP Strict Transport Security (HSTS)