To get A+ with Apache2 (i guess the difference betwenn A and A+ is HSTS
enabled, too lazy to check is out):
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite
'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:HIGH:MEDIUM:!RC4:!3DES:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'
SSLCertificateFile /etc/apache2/cert.crt
SSLCertificateKeyFile /etc/apache2/cert.key
SSLCACertificateFile /etc/apache2/intermediate-ca-cert.crt
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000"
</IfModule>
Your personal preference of Ciphers might be different.
Am 18.05.2017 um 18:28 schrieb Alexandre Adao:
Hello,
I am trying to get A or A+ from the SSL server Test
(https://www.ssllabs.com/ssltest ). I am ruining OpenSSL 1.0.1e-fips and
Linux. I have grade A- and I think is because the issue with Forward
Secrecy. Any advise please?
--
Alex Adao
_______________________________________________
User mailing list
User@owncloud.org
http://mailman.owncloud.org/mailman/listinfo/user
_______________________________________________
User mailing list
User@owncloud.org
http://mailman.owncloud.org/mailman/listinfo/user
