[Bug 1358305] [NEW] harden default ssl settings
Christoph_vW
Christoph at ApiViewer.de
Mon Aug 18 14:01:57 UTC 2014
Public bug reported:
Apache 2 default ssl configuration should be hardened to get better
overall ssl security
my proposal:
/etc/apache2/mods-available/ssl.conf
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA
SSLProtocol all -SSLv2 -SSLv3
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
** Affects: apache2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1358305
Title:
harden default ssl settings
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1358305/+subscriptions
More information about the Ubuntu-server-bugs
mailing list