Secure your apache webserver openssl configuration to score an A in ssllabs

Posted on by sjaak

 

 

Open /etc/apache2/apache2.conf in you favorite editor

  1. Disable ssl v2 and v3 by changing the line starting with sslprotocol to the one below
    SSLProtocol ALL -SSLv2 -SSLv3
  2. add the following line to make sure the ciphers are used in best order
    SSLHonorCipherOrder On
  3. Change the sslcipherSuite line to the one below and save the file afterwards
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
  4. Restart apache2
    service apache2 restart
  5. check the configuration on ssllabs

 

 

 

sjaak

More Posts