메뉴 건너뛰기

GREATUSER

tech

ETC Mozilla SSL Configuration Generator

관리자 2016.10.15 01:00 조회 수 : 119

URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/   웹서버,openssl 버전 별로 SSL 설정을 자동화 해서 안내 해줌… 세상에 이걸 첨 알다니.. ㅋㅋㅋㅋㅋㅋ   샘플로 한번 해보자면 1. httpd-2.4 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" ... </VirtualHost> # modern configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000)   2. httpd-2.2 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security [ more... ]

The post Mozilla SSL Configuration Generator appeared first on 지락문화예술공작단.




원문출처 : https://jirak.net/wp/mozilla-ssl-configuration-generator/
번호 제목 글쓴이 날짜 조회 수
» Mozilla SSL Configuration Generator 관리자 2016.10.15 119
123 mysql server system variables log_warnings to log_error_verbosity 관리자 2016.10.05 1746
122 [MariaDB] InnoDB: Redo log crypto: failed to decrypt log block 관리자 2016.09.28 152
121 [mysql] Buffered warning: Could not increase number of max_open_files to more than 1024 on centos 관리자 2016.09.08 163
120 Unable to validate certificate chain in aws elb – comodossl 관리자 2016.09.06 234
119 WordPress 4.6 “Pepper” 관리자 2016.08.17 151
118 리눅스 서버의 TCP 네트워크 성능을 결정짓는 커널 파라미터 이야기 – 3편 관리자 2016.08.12 159
117 리눅스 서버의 TCP 네트워크 성능을 결정짓는 커널 파라미터 이야기 – 2편 관리자 2016.08.12 165
116 리눅스 서버의 TCP 네트워크 성능을 결정짓는 커널 파라미터 이야기 – 1편 관리자 2016.08.12 155
115 WordPress 4.6 Release Candidate 관리자 2016.07.28 127
114 Warning: mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MariaDB client in /home1/htdocs/apartzm/affisacc/php/acc_tongys.inc.php on line 188ERROR 1251: Client does not smysql_connect(): Client 관리자 2016.07.26 159
113 WordPress 4.6 Beta 3 관리자 2016.07.14 124
112 mysqlbinlog: unknown variable ‘default-character-set=utf8’ 관리자 2016.07.09 144
111 WordPress 4.6 Beta 1 관리자 2016.06.30 128
110 $_SERVER[‘SERVER_SOFTWARE’]=’Apache’ in wp-config.php 관리자 2016.06.24 131
위로