Hello, I'm upgrading my apache configuration. If anyone who is a server security admin could take a look at this configuration, I need to know if the ciphers chosen are all pfs, have the strongest settings?
SSLInsecureRenegotiation Off SSLSessionTickets Off SSLOpenSSLConfCmd DHParameters "/usr/local/etc/apache24/dh.pem" SSLOpenSSLConfCmd ECDHParameters secp256k1 SSLOpenSSLConfCmd Curves secp256k1 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" My openssl version is 1.0.20, apache 2.4.34. Thanks. Dave. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
