URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/ 웹서버,openssl 버전 별로 SSL 설정을 자동화 해서 안내 해줌… 세상에 이걸 첨 알다니.. ㅋㅋㅋㅋㅋㅋ 샘플로 한번 해보자면 1. httpd-2.4 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" ... </VirtualHost> # modern configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) 2. httpd-2.2 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security [ more... ]
The post Mozilla SSL Configuration Generator appeared first on 지락문화예술공작단.
원문출처 : https://jirak.net/wp/mozilla-ssl-configuration-generator/
댓글 0
번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
---|---|---|---|---|
109 | 윈도우에서 ARP CACHE 삭제/초기화 하는 방법 | 위대한유저 | 2015.05.29 | 2694 |
108 | 리눅스에서 arp cache 삭제/초기화 하는 방법 | 위대한유저 | 2015.05.29 | 34008 |
107 | REDIS-3.0.1 설치 하기 | 위대한유저 | 2015.06.04 | 394 |
106 | PHP + redis(phpredis) 연동하기 | 위대한유저 | 2015.06.04 | 257 |
105 | XE 1.8.3 Release | 위대한유저 | 2015.06.11 | 1324 |
104 | ORA-65096: invalid common user or role name on oracle12c | 위대한유저 | 2015.07.08 | 183 |
103 | SORT 와 UNIQ 를 이용한 중복행의 정렬과 횟수 카운트 | 위대한유저 | 2015.07.08 | 256 |
102 | NL-00303: SYNTAX ERROR IN NV STRING | 위대한유저 | 2015.07.08 | 243 |
101 | error messag : Fatal error: Call to undefined function session_register() | 위대한유저 | 2015.07.08 | 748 |
100 | Aria from berserk | 위대한유저 | 2015.07.08 | 974 |
99 | XE 1.8.6 RELEASE | 위대한유저 | 2015.07.14 | 168 |
98 | [MySQL] ERROR 1457 (HY000): Failed to load routine after upgrade or migratrion | 관리자 | 2015.12.08 | 124 |
97 | error when installing calypso (wp-calypso) | 관리자 | 2015.12.31 | 147 |
96 | [MySQL] ERROR 1457 (HY000): Failed to load routine after upgrade or migratrion | 관리자 | 2015.12.31 | 61 |
95 | WordPress 4.4 “Clifford” | 관리자 | 2015.12.31 | 40 |