[packages/apache] - update to current intermediate mozilla recommendation
arekm
arekm at pld-linux.org
Tue Oct 22 14:48:04 CEST 2019
commit 7ff59b58a70f2c09f2906e2579e7867116f4f5e4
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Tue Oct 22 14:47:50 2019 +0200
- update to current intermediate mozilla recommendation
apache-mod_ssl.conf | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
---
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index f8d7e2c..575c5c8 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -58,20 +58,13 @@ SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 300
-# FOLLOW SECURE DEFAULTS: https://wiki.mozilla.org/Security/Server_Side_TLS
+# https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=modern&hsts=false
-# Usable SSL protocol flavors:
-# This directive can be used to control the SSL protocol flavors mod_ssl
-# should use when establishing its server environment. Clients then can only
-# connect with one of the provided protocols.
-SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
-
-# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:TLSv1.3
-
-SSLHonorCipherOrder on
+# intermediate configuration, tweak to your needs
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder off
+SSLSessionTickets off
SSLCompression off
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/7ff59b58a70f2c09f2906e2579e7867116f4f5e4
More information about the pld-cvs-commit
mailing list