URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/

It automatically generates SSL configuration guidance for each web server and OpenSSL version… I can't believe I'm only finding out about this now.. lol

Let's try it with a sample.

1. httpd-2.4 & openssl-1.0.1e

```apache
<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key

    # Uncomment the following directive when using client certificate authentication
    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    ...
</VirtualHost>

# modern configuration, tweak to your needs
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder     on

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)
```

2. httpd-2.2 & openssl-1.0.1e

```apache
<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key

    # Uncomment the following directive when using client certificate authentication
    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security
```

[ more... ]
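To check what the "modern" sample above actually enables, the following added example (not code from the generator or from the original post) resolves the `SSLProtocol` words and sorts the `SSLCipherSuite` entries into AEAD and non-AEAD suites. The function names are hypothetical, and two things are assumptions: that `all` expands to SSLv3 through TLSv1.2 (httpd 2.4 built against OpenSSL 1.0.1), and that a bare protocol name replaces the set built so far.

```python
# Added example: audit the SSLProtocol / SSLCipherSuite lines of a mod_ssl config.
# Assumption: httpd 2.4 + OpenSSL 1.0.1, where "all" means SSLv3 through TLSv1.2.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")

# Constructed sample: the two directives from the "modern" output quoted above.
SAMPLE = """
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
"""

def directive_args(config, name):
    """Return the argument words of the last active occurrence of a directive."""
    args = None
    for line in config.splitlines():
        words = line.split()
        # Commented-out lines start with "#", so their first word never matches.
        if words and words[0].lower() == name.lower():
            args = words[1:]
    if args is None:
        raise ValueError(f"{name} not found")
    return args

def enabled_protocols(args, all_protocols=ALL_PROTOCOLS):
    """Evaluate SSLProtocol words left to right: '-X' removes, '+X' adds,
    a bare word (including 'all') replaces the set (assumed semantics)."""
    known = {p.lower(): {p} for p in all_protocols}
    known["all"] = set(all_protocols)
    enabled = set()
    for word in args:
        sign, name = (word[0], word[1:]) if word[0] in "+-" else ("", word)
        if name.lower() not in known:
            raise ValueError(f"unknown protocol {name!r}")
        group = known[name.lower()]
        if sign == "-":
            enabled = enabled - group
        elif sign == "+":
            enabled = enabled | group
        else:
            enabled = set(group)
    return sorted(enabled)

def audit(config):
    """Summarise protocols left enabled and suites lacking ECDHE/DHE or AEAD."""
    protocols = enabled_protocols(directive_args(config, "SSLProtocol"))
    suites = directive_args(config, "SSLCipherSuite")[0].split(":")
    return {
        "protocols": protocols,
        "legacy_protocols": [p for p in protocols if p != "TLSv1.2"],
        "no_forward_secrecy": [s for s in suites if not s.startswith(("ECDHE-", "DHE-"))],
        "non_aead": [s for s in suites if "GCM" not in s and "POLY1305" not in s],
    }

if __name__ == "__main__": print(audit(SAMPLE))
```

On the sample, only TLSv1.2 remains enabled and every suite uses ECDHE, while the last four entries of the cipher list are reported as non-AEAD (AES-CBC with HMAC-SHA2).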
The post Mozilla SSL Configuration Generator appeared first on 지락문화예술공작단.
Original source: https://jirak.net/wp/mozilla-ssl-configuration-generator/