How to secure your SSL sites
How to secure your SSL sites
Hi friends,
There is SSLv3 vulnerability and other on SSLv2 also. Now TLSv2 will come handy. So this is the configuration for hardening:
#Edit webserver Config File for disabling SSLV2, V3 & Weak Ciphers
#SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCipherSuite ALL:!aNULL:!eNULL:!EXP:!LOW:!MD5:!RC4:!SHA1:!DH:!DES:!3DES
SSLProtocol All -SSLv2 -SSLv3 -TLSv1.0
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# This setting will work on Apache versions >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
#Enter the following line in : /etc/apache2/mods-available/ssl.conf
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"