My blog

Feb 5, 2017 - 1 minute read - tls apache

Apache TLS Config

Configuration for a secure Apache web server setup:

Header always set Strict-Transport-Security "max-age=31536000; "
Header set X-XSS-Protection "1"
Header set X-Content-Type-Options "nosniff"
SSLEngine on

/etc/apache2/mods-enabled/ssl.conf

SSLCipherSuite "ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 \
ECDHE-RSA-AES256-GCM-SHA384 \
ECDHE-RSA-AES128-SHA \
ECDHE-RSA-AES256-SHA \
ECDHE-RSA-AES128-SHA256 \
ECDHE-RSA-AES256-SHA384"

/etc/apache2/mods-enabled/ssl.conf

SSLHonorCipherOrder on
SSLProtocol +TLSv1.2
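
An added example, not part of the original post: a small Python audit of the directives above. It splits the cipher list into AEAD (GCM) suites and the rest, which in this list are all AES-CBC with HMAC, flags any suite without ephemeral key exchange, and reads the HSTS max-age. The function names and the reflowed CONF string are assumptions made for this example.

```python
import re
import shlex

# Directives copied from the page; the cipher list is reflowed onto fewer lines.
CONF = r'''
Header always set Strict-Transport-Security "max-age=31536000; "
SSLCipherSuite "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 \
ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 \
ECDHE-RSA-AES256-SHA384"
SSLHonorCipherOrder on
SSLProtocol +TLSv1.2
'''

def directives(text):
    """Yield (name, args) per directive, joining backslash-continued lines."""
    joined = re.sub(r"\\\r?\n", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            yield name, args

def audit(text):
    """Summarise cipher modes, forward secrecy, HSTS lifetime and protocols."""
    report = {"aead": [], "non_aead": [], "no_pfs": [],
              "hsts_max_age": None, "protocols": []}
    for name, args in directives(text):
        key = name.lower()
        if key == "sslciphersuite":
            # OpenSSL accepts ':', ',' or space as cipher-list separators.
            for suite in re.split(r"[:, ]+", args[-1].strip()):
                aead = any(tag in suite for tag in ("GCM", "CHACHA20", "CCM"))
                report["aead" if aead else "non_aead"].append(suite)
                if not suite.startswith(("ECDHE-", "DHE-")):
                    report["no_pfs"].append(suite)
        elif key == "header" and "Strict-Transport-Security" in args:
            m = re.search(r"max-age=(\d+)", args[-1])
            report["hsts_max_age"] = int(m.group(1)) if m else None
        elif key == "sslprotocol":
            report["protocols"] = args
    return report

if __name__ == "__main__":
    for field, value in audit(CONF).items():
        print(f"{field}: {value}")
```

Eight of the twelve suites land in non_aead; they can be dropped once no client that must be supported lacks AES-GCM.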