Public bug reported: Apache 2 default ssl configuration should be hardened to get better overall ssl security
my proposal: /etc/apache2/mods-available/ssl.conf SSLHonorCipherOrder on SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA SSLProtocol all -SSLv2 -SSLv3 SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1358305 Title: harden default ssl settings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1358305/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs