
How to improve "Key Exchange" and "Cipher Strength" ranks in "ssllabs"?

Posted: 2020/09/01 18:22:07
by hack3rcon
Hello,
I have two questions about Apache:
1- Which config lines must go into the "httpd.conf" file and which ones into the Virtual Host file under the "conf.d" directory? For example, must the lines below go into "httpd.conf" or into the Virtual Host file under the "conf.d" directory:

Code:

TraceEnable off
ServerSignature Off
ServerTokens Prod

SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
SSLHonorCipherOrder on
SSLCompression          off
SSLSessionTickets       off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparams.pem"

TimeOut 60
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
ErrorDocument 500 "Oh sorry dear."

FileETag MTime
KeepAlive On
MaxKeepAliveRequests 100
MaxConnectionsPerChild 1000
UseCanonicalName Off
LimitInternalRecursion 5
LimitRequestFields 500
AcceptPathInfo Off
MaxRanges 100
KeepAliveTimeout 4


# Modules
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule headers_module modules/mod_headers.so
RequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500

2- When I test my site on https://www.ssllabs.com/ssltest, "Key Exchange" and "Cipher Strength" are not 100. As you can see, I added the lines below too:

Code:

SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
SSLHonorCipherOrder on
SSLCompression          off
SSLSessionTickets       off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparams.pem"
[Attachment: SSL.PNG]
How can I improve it?

Thank you.