How to score an -A- with Apache SSL/TLS encryption

HTTPS encryption is a hot topic these days.
With TLS 1.0 coming to an end, you are advised to disable all protocols lower than TLSv1.1.

Follow the guide below to allow only TLSv1.1 and TLSv1.2 with strong ciphers:

Edit your vhost configuration and add the following options next to your certificate settings:

SSLEngine On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!MD5

After this, reload Apache and run a test on SSLLabs.com.

-A- Score on security

If you still get poor results, check the following files for SSL protocol and cipher settings that overrule the ones in your vhost.
The same directives, such as SSLProtocol and SSLCipherSuite, are probably set in the files listed below. You can comment them out using a hash (#) or put the settings above in these files.
In case of Apache2 (Debian/Ubuntu):

/etc/apache2/mods-enabled/ssl.conf

In case of httpd (CentOS/RHEL/Fedora):

/etc/httpd/conf.d/ssl.conf

If Let’s Encrypt is installed:

/etc/letsencrypt/options-ssl-apache.conf
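
To find which of these files still carries an overruling SSLProtocol line, the check below lists every uncommented SSLProtocol directive and flags any that leaves SSLv3 or TLSv1 enabled. It is an added example, not part of the original guide; the function names are hypothetical, it assumes mod_ssl's rule that a bare protocol name replaces the set while + and - adjust it, and it treats "all" conservatively as including SSLv3 and TLSv1.

```shell
#!/bin/sh
# Added example: list active SSLProtocol directives and flag legacy protocols.

# Print which of SSLv3/TLSv1 an SSLProtocol argument list leaves enabled.
# mod_ssl rules: "+X" adds, "-X" removes, a bare name replaces the whole set.
# Assumption: "all" is treated conservatively as including SSLv3 and TLSv1.
legacy_enabled() {
    v3=0; t10=0
    for tok in $1; do
        case "$tok" in
            -*) on=0; name=${tok#-} ;;
            +*) on=1; name=${tok#+} ;;
            *)  on=1; name=$tok; v3=0; t10=0 ;;
        esac
        case "$(printf '%s' "$name" | tr 'A-Z' 'a-z')" in
            all)   v3=$on; t10=$on ;;
            sslv3) v3=$on ;;
            tlsv1) t10=$on ;;
        esac
    done
    out=""
    if [ "$v3" -eq 1 ]; then out="SSLv3"; fi
    if [ "$t10" -eq 1 ]; then out="${out:+$out }TLSv1"; fi
    printf '%s' "$out"
}

# Print one line per uncommented SSLProtocol directive in the given files.
audit_ssl_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -niE '^[[:space:]]*SSLProtocol[[:space:]]' "$f" |
        while IFS=: read -r n line; do
            args=$(printf '%s' "$line" | sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]]+//')
            weak=$(legacy_enabled "$args")
            if [ -n "$weak" ]; then
                echo "$f:$n: WEAK ($weak): $args"
            else
                echo "$f:$n: ok: $args"
            fi
        done
    done
}

# With no arguments, check the three files named in this guide.
[ "$#" -gt 0 ] || set -- /etc/apache2/mods-enabled/ssl.conf \
    /etc/httpd/conf.d/ssl.conf /etc/letsencrypt/options-ssl-apache.conf
audit_ssl_conf "$@"
```

Pass your vhost file as an extra argument to see its directive next to the ones from the global files.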
