install/apache2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
44d65f34c3
apache2/DOC/config_pfs_apache2.4.txt
Christoph 44d65f34c3 Initial Import
2017-02-19 12:33:53 +01:00

43 lines
2.0 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<VirtualHost <ip-addresss>:443>
...
SSLEngine on
## - don't support weak ciphers
SSLHonorCipherOrder On
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSL_Cipher_Suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'
## - HTTP Strict Transport Security (HSTS)
## -
## - HSTS tells a browser that the website should only be accessed through
## - a secure connection. The HSTS header will be remembered by a standard
## - compliant browser for max-age seconds.
## -
## - An important point is that HSTS only works after the user has received the
## - header via HTTPS. So you will still need to have a redirect from your
## - HTTP-site to HTTPS, also for supporting browsers that still do not understand
## - HSTS.
## -
## - This is easily accomplished using Apaches mod_rewrite:
## -
## - <IfModule mod_rewrite.c>
## - RewriteEngine On
## - RewriteCond %{HTTPS} off
## - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
## - </IfModule>
## -
## - Thus, with a few lines of configuration, you can make the web a safer place to
## - be for your users. So, what are you waiting for?
## -
## - Remember this settings for 1/2 year
## -
Header add Strict-Transport-Security "max-age=15768000"
...
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink