Go to English page

ViaThinkSoft CodeLib

Dieser Artikel befindet sich in der Kategorie:
CodeLibHowTosApache

You can check your server for common problems with SSL/TLS: https://www.ssllabs.com/ssltest/

In case you get a lower grade because "Forward Secrecy" is not enabled for all browsers, you can do following configuration change in Apache:

Edit /etc/apache2/mods-enabled/ssl.conf :

1. Replace
SSLCipherSuite HIGH:!aNULL
with
SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH

2. Enable the line
SSLHonorCipherOrder on

3. Additionally, you can add:
SSLStaplingCache shmcb:/var/run/ssl_stapling(32768)
Daniel Marschall
ViaThinkSoft Mitbegründer