apache2/DOC/config_pfs_apache2.4.txt

<VirtualHost <ip-address>:443>
...
SSLEngine on
## - don't support weak ciphers
SSLHonorCipherOrder On
SSLCompression Off
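## - SSLProtocol restricts what clients may negotiate with this vhost;
## - SSLProxyProtocol only applies to connections mod_proxy opens to backends.
#SSLProtocol all -SSLv3 -SSLv2 -TLSv1
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1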
#SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
## - HTTP Strict Transport Security (HSTS)
## -
## - HSTS tells a browser that the website should only be accessed through
## - a secure connection. The HSTS header will be remembered by a
## - standards-compliant browser for max-age seconds.
## -
## - An important point is that HSTS only works after the user has received the
## - header via HTTPS. So you will still need to have a redirect from your
## - HTTP-site to HTTPS, also for supporting browsers that still do not understand
## - HSTS.
## -
## - This is easily accomplished using Apache's mod_rewrite:
## -
## - <IfModule mod_rewrite.c>
## - RewriteEngine On
## - RewriteCond %{HTTPS} off
## - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
## - </IfModule>
## -
## - Thus, with a few lines of configuration, you can make the web a safer place to
## - be for your users. So, what are you waiting for?
## -
## - Remember this setting for half a year
## -
Header add Strict-Transport-Security "max-age=15768000"
...
</VirtualHost>
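
A small audit for the settings this file relies on, added here as an illustration and not part of the original configuration: it checks that SSLProtocol (not only SSLProxyProtocol) disables the old protocol versions, that every explicitly named suite uses (EC)DHE key exchange, and that the HSTS max-age is at least half a year. The function names and the sample input are constructed; the check assumes suites are listed by explicit OpenSSL name, as in the file above, and does not evaluate aliases such as HIGH.

```python
import re

PFS_PREFIXES = ("ECDHE-", "DHE-")   # ephemeral key exchange in OpenSSL suite names
MIN_HSTS_AGE = 15768000             # half a year, as in the config above

def directive(conf, name):
    """Argument string of the last uncommented `name` directive, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", conf, re.M | re.I)
    return hits[-1] if hits else None

def audit(conf):
    """Return a list of findings for one VirtualHost body; empty means clean."""
    findings = []
    proto = directive(conf, "SSLProtocol")
    if proto is None:
        findings.append("SSLProtocol not set")
    else:
        toks = proto.lower().split()
        for old in ("sslv3", "tlsv1", "tlsv1.1"):
            if old in toks or "+" + old in toks or ("all" in toks and "-" + old not in toks):
                findings.append(f"{old} enabled")
    if (directive(conf, "SSLHonorCipherOrder") or "").lower() != "on":
        findings.append("SSLHonorCipherOrder is not On")
    for suite in (directive(conf, "SSLCipherSuite") or "").split(":"):
        # '!' and '-' entries remove suites; everything else must be (EC)DHE
        if suite and suite[0] not in "!-" and not suite.startswith(PFS_PREFIXES):
            findings.append(f"no forward secrecy: {suite}")
    hsts = re.search(r'^[ \t]*Header\s.*Strict-Transport-Security\s+"max-age=(\d+)',
                     conf, re.M | re.I)
    if hsts is None:
        findings.append("no HSTS header")
    elif int(hsts.group(1)) < MIN_HSTS_AGE:
        findings.append(f"HSTS max-age {hsts.group(1)} < {MIN_HSTS_AGE}")
    return findings

# Constructed sample with three deliberate weaknesses.
SAMPLE = """
SSLEngine on
SSLHonorCipherOrder On
#SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:!aNULL
Header add Strict-Transport-Security "max-age=300"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The sample yields a finding for the missing SSLProtocol directive because SSLProxyProtocol only governs connections Apache opens to proxied backends, so the client-facing protocol set stays at its default.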