Apache – Secure HTTPS configuration

If you offer HTTPS to your customers, you should not use weak encryption keys. This is a recommended setup:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:-MEDIUM

You can also test whether your server supports weak encryption or not:

# this command should fail
openssl s_client -no_tls1 -no_ssl3 -connect www.your-server.tld:443

If you want to check which protocols and ciphers your web server supports, I suggest using SSLscan.
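
SSLv3 and TLS 1.0, which the SSLProtocol line in this post enables, have since been deprecated (RFC 7568, RFC 8996). The following is an added example, not from the original post, showing that setting beside one limited to TLS 1.2 and 1.3; it assumes Apache 2.4.37 or later with mod_ssl built against OpenSSL 1.1.1 or later.

```apache
# Added example, not part of the original post.
# Assumption: Apache 2.4.37+ with mod_ssl built against OpenSSL 1.1.1+
# (required for TLSv1.3 and the per-protocol SSLCipherSuite form).

# Setting from the post, kept here commented out for comparison.
# It permits only SSLv3 and TLS 1.0:
#   SSLProtocol -ALL +SSLv3 +TLSv1
#   SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:-MEDIUM

# Corrected setting: disable everything, then enable TLS 1.2 and 1.3 only.
SSLProtocol -all +TLSv1.2 +TLSv1.3

# TLS 1.2 cipher suites: ECDHE key exchange (forward secrecy) combined
# with AEAD ciphers only. No RC4, 3DES, CBC-mode or export suites.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

# TLS 1.3 cipher suites are configured separately from the list above.
SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

# Use the server's preference order instead of the client's.
SSLHonorCipherOrder on

# Keep TLS-level compression disabled (CRIME mitigation).
SSLCompression off
```

With this configuration, `openssl s_client -tls1 -connect www.your-server.tld:443` should fail and the same command with `-tls1_2` should succeed.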
