URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/ 웹서버,openssl 버전 별로 SSL 설정을 자동화 해서 안내 해줌… 세상에 이걸 첨 알다니.. ㅋㅋㅋㅋㅋㅋ 샘플로 한번 해보자면 1. httpd-2.4 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" ... </VirtualHost> # modern configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) 2. httpd-2.2 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security [ more... ]
The post Mozilla SSL Configuration Generator appeared first on 지락문화예술공작단.
원문출처 : https://jirak.net/wp/mozilla-ssl-configuration-generator/
댓글 0
번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
---|---|---|---|---|
49 | Testing the Fastest Way to Import a Table into MySQL (and some interesting 5.7 performance results) | 관리자 | 2015.12.31 | 51 |
48 | jsp 에서 사용자가 생성한 java class 호출 하기 | 관리자 | 2015.12.31 | 50 |
47 | 웹사이트 보안 개발 가이드 20160421 | 관리자 | 2017.07.25 | 49 |
46 | $_SERVER[‘SERVER_SOFTWARE’]=’Apache’ in wp-config.php | 관리자 | 2016.06.24 | 49 |
45 | WordPress 4.8 Beta 1 | 관리자 | 2017.05.13 | 48 |
44 | install proftpd with account in sql | 관리자 | 2016.01.26 | 48 |
43 | Secure by Default in MySQL 5.7 | 관리자 | 2015.12.31 | 48 |
» | Mozilla SSL Configuration Generator | 관리자 | 2016.10.15 | 47 |
41 | WordPress 4.6 “Pepper” | 관리자 | 2016.08.17 | 46 |
40 | 최신 버전 XE에서 config.inc.php 호출 내용 변경 | 관리자 | 2015.12.31 | 46 |
39 | Support for SATA and SAS disk drives with a size of 2TB or greater | 관리자 | 2017.07.07 | 45 |
38 | Changing Screen Size/Resolution of CentOS GUEST on VirtualBox | 관리자 | 2017.05.31 | 45 |
37 | Apache Tomcat Versions – Which Do I Want? | 관리자 | 2016.06.24 | 44 |
36 | WordPress 4.7.2 Security Release | 관리자 | 2017.01.27 | 43 |
35 | mod_rpaf on aws elb | 관리자 | 2016.06.17 | 43 |