Differences
This shows you the differences between two versions of the page.
Old revision: linux_wiki:apache_http_server [2018/03/23 16:01] billdozor [httpd.conf - Global Configs]
New revision: linux_wiki:apache_http_server [2019/05/25 23:50] (current)
Line 152: | Line 152: | ||
Protocol and Ciphers | Protocol and Ciphers | ||
<code bash> | <code bash> | ||
- | SSLProtocol TLSv1.2 | + | SSLProtocol TLSv1.2 |
- | SSLCipherSuite HIGH:!DHE:!EDH:!RC4:!ADH:!MEDIUM | + | SSLCipherSuite HIGH:!MEDIUM:!3DES:!ADH:!AECDH:!DHE: |
</ | </ | ||
* Default SSLProtocol: | * Default SSLProtocol: | ||
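Review bot: the new `SSLCipherSuite` value on the `+` side ends in a trailing `:` and is cut off on this page, so the full list cannot be reviewed and anyone copying `HIGH:!MEDIUM:!3DES:!ADH:!AECDH:!DHE:` as shown would be using an incomplete string; the bullet that follows should reproduce the complete value and say why `!DHE` is kept (the old line already excluded `DHE`/`EDH`) and which key-exchange suites are expected to remain after the exclusions. Consider also documenting `SSLHonorCipherOrder on` next to this line so the server's ordering, not the client's, decides which of the remaining suites is negotiated.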
Line 163: | Line 163: | ||
</ | </ | ||
- | ==== SSL Verification ==== | + | ---- |
- | Check what ciphers will be used given an Apache config | + | ===== Other Security Settings ===== |
- | <code bash> | + | |
- | openssl ciphers -v ' | + | |
- | </ | + | |
- | Verify server offered ciphers | + | Other important security settings. |
- | <code bash> | + | |
- | sslscan | + | ==== Redirect HTTP to HTTPS ==== |
- | </ | + | |
- | * Look for " | + | Redirect all HTTP to HTTPS<code bash>< |
+ | ServerName example.com | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https:// | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== HSTS ==== | ||
+ | |||
+ | Enabling HTTPS Strict Transport Security (HSTS). | ||
+ | |||
+ | Add the strict transport security header to the listening HTTPS host section | ||
+ | <code bash># Optionally load the headers module: | ||
+ | LoadModule headers_module modules/ | ||
+ | |||
+ | < | ||
+ | Header always set Strict-Transport-Security " | ||
+ | </ | ||
+ | * max-age=63072000 -> Tell web browsers to connect to the site using HTTPS only for two years. Countdown is reset each time the site is visited. | ||
---- | ---- |
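Review bot: this hunk deletes the "SSL Verification" steps (`openssl ciphers -v` against the configured string, and `sslscan` against the running server) without replacing them, so the page no longer shows how to confirm that the `SSLProtocol` and `SSLCipherSuite` lines above actually take effect; suggest moving those two commands under the new "Other Security Settings" section instead of dropping them. In the HSTS part, the comment `# Optionally load the headers module:` understates things, since the `Header` directive does not work unless `headers_module` is loaded; the `Header always set Strict-Transport-Security "` line is also cut off here, so the bullet below should state the full header value, and the text should make explicit that the header goes only in the HTTPS `<VirtualHost>` the redirect sends clients to, never in the port-80 host, because browsers ignore an HSTS header received over plain HTTP.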