URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/

It automatically generates the SSL configuration for you, per web server and OpenSSL version… I can't believe I'm only finding out about this now.. lol

Let's try it out with a sample.

1. httpd-2.4 & openssl-1.0.1e

```apache
<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile /path/to/private/key

    # Uncomment the following directive when using client certificate authentication
    #SSLCACertificateFile /path/to/ca_certs_for_client_authentication

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    ...
</VirtualHost>

# modern configuration, tweak to your needs
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
```

2. httpd-2.2 & openssl-1.0.1e

```apache
<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile /path/to/private/key

    # Uncomment the following directive when using client certificate authentication
    #SSLCACertificateFile /path/to/ca_certs_for_client_authentication

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security
```

[ more... ]
The post Mozilla SSL Configuration Generator appeared first on 지락문화예술공작단.
Original source: https://jirak.net/wp/mozilla-ssl-configuration-generator/
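A way to check that a deployed Apache config still matches the "modern" sample above, as an added example that is not part of the original post or of Mozilla's generator. The helper names (`enabled_protocols`, `directive`, `audit`) and the `WEAK` sample are hypothetical, and the expansion of `all` assumes mod_ssl built against OpenSSL 1.0.1, the version used in the post.

```python
import re
# Assumption: what "all" expands to when mod_ssl is built against OpenSSL 1.0.1.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP")
MIN_HSTS = 15768000  # six months, the value used in the generated config

def enabled_protocols(value):
    """Evaluate SSLProtocol tokens left to right: + adds, - removes, bare name resets."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL if name.lower() == "all" else {name}
        if not sign:
            enabled = set()  # a bare name overrides whatever was set before it
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def directive(conf, name):
    """Return the last uncommented value of a directive, or None if absent."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", conf, re.M | re.I)
    return hits[-1] if hits else None

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    legacy = enabled_protocols(directive(conf, "SSLProtocol") or "all") & LEGACY
    if legacy:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    # Assumes explicit suite names as the generator emits, not keywords like HIGH.
    suites = (directive(conf, "SSLCipherSuite") or "").split(":")
    for suite in (s for s in suites if s and s[0] not in "!-"):
        if not suite.startswith(("ECDHE-", "DHE-")):
            findings.append(f"no forward secrecy: {suite}")
        elif any(marker in suite for marker in WEAK_MARKERS):
            findings.append(f"weak cipher: {suite}")
    if (directive(conf, "SSLHonorCipherOrder") or "").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on")
    hsts = re.search(r'^[ \t]*Header\b.*Strict-Transport-Security[ \t]+"max-age=(\d+)', conf, re.M | re.I)
    if not hsts or int(hsts.group(1)) < MIN_HSTS:
        findings.append("HSTS missing or max-age below six months")
    return findings

# Constructed sample: a legacy-style configuration, for contrast.
WEAK = "SSLProtocol all -SSLv2\nSSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA\n"
# The directives being checked, copied from the post's httpd-2.4 sample.
MODERN = ('Header always set Strict-Transport-Security "max-age=15768000"\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n'
          "SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256\n"
          "SSLHonorCipherOrder on\n")
```

`audit(MODERN)` returns an empty list, while `audit(WEAK)` reports the legacy protocols, the two problem suites, the missing `SSLHonorCipherOrder` and the missing HSTS header.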