httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Mehler <dave.meh...@gmail.com>
Subject [users@httpd] apache 2.4 pfs and cipher configuration
Date Tue, 31 Jul 2018 04:01:04 GMT
Hello,

I'm upgrading my apache configuration. If anyone who is a server
security admin could take a look at this configuration, I need to know
if the ciphers chosen are all pfs, have the strongest settings?

SSLInsecureRenegotiation Off
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/usr/local/etc/apache24/dh.pem"
SSLOpenSSLConfCmd ECDHParameters secp256k1
SSLOpenSSLConfCmd Curves secp256k1
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

My openssl version is 1.0.20, apache 2.4.34.

Thanks.
Dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message