Open emAmazed opened 8 years ago
Reference: https://alas.aws.amazon.com/ALAS-2015-550.html
openssl dhparam -out dhparams.pem 2048
Add the following line to the config:
SSLOpenSSLConfCmd DHParameters <location-of-pemfile>
Note: the SSLOpenSSLConfCmd option is available in Apache 2.4.8 and later, using OpenSSL 1.0.2 or later.
SSLProtocol all -SSLv2 -SSLv3
Add the following CipherSuite to config:
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
SSLHonorCipherOrder on
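
A small auditor for the settings listed in this issue, added here as an example (not code from the issue or the project). It assumes a flat config with no VirtualHost scoping and a simplified model of `all`; the sample configs and the DH file path are constructed.

```python
import shlex

# Exclusions taken from the SSLCipherSuite string in the issue (subset).
REQUIRED_EXCLUSIONS = ("!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4", "!MD5")
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}  # simplified "all"
# Constructed samples: shortened cipher string, placeholder DH file path.
HARDENED = """SSLOpenSSLConfCmd DHParameters /path/to/dhparams.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5"
SSLHonorCipherOrder on"""
WEAK = "SSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:!aNULL\n"

def parse_directives(conf_text):
    """Map lower-cased directive name -> list of argument lists, in file order."""
    directives, pending = {}, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        # A trailing backslash continues the directive on the next line.
        pending = line[:-1] + " " if line.endswith("\\") else ""
        if not pending and line and not line.startswith("#"):
            name, *args = shlex.split(line)
            directives.setdefault(name.lower(), []).append(args)
    return directives

def enabled_protocols(tokens):
    """Apply SSLProtocol tokens in order: bare replaces, '+' adds, '-' removes."""
    on = set()
    for tok in (t.lower() for t in tokens):
        name = tok.lstrip("+-")
        group = ALL_PROTOCOLS if name == "all" else {name}
        on = on - group if tok.startswith("-") else on | group if tok.startswith("+") else set(group)
    return on

def audit(conf_text):
    """Findings for a flat config (no VirtualHost scoping); [] means it matches the issue."""
    d, findings = parse_directives(conf_text), []
    last = lambda name: d[name][-1] if name in d else []  # last occurrence wins here
    if not last("sslprotocol"):
        findings.append("SSLProtocol is not set explicitly")
    findings += [f"SSLProtocol leaves {p} enabled"
                 for p in sorted({"sslv2", "sslv3"} & enabled_protocols(last("sslprotocol")))]
    ciphers = (last("sslciphersuite") or [""])[-1].split(":")
    findings += [f"SSLCipherSuite is missing {e}" for e in REQUIRED_EXCLUSIONS if e not in ciphers]
    if [a.lower() for a in last("sslhonorcipherorder")] != ["on"]:
        findings.append("SSLHonorCipherOrder is not on")
    if not any(len(a) == 2 and a[0].lower() == "dhparameters" for a in d.get("sslopensslconfcmd", [])):
        findings.append("No SSLOpenSSLConfCmd DHParameters <file> line")
    return findings
```

Call `audit()` on the text of the relevant Apache config file; an empty list means every setting from the issue is present.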