Astazi am facut un articol cum sa obtinem A+ SSL vom efectua cateva modificari minore si rapide.
Aici puteti efectua test-ul : SSL Labs
Pasul 1
Home -> Service Configuration -> Apache Configuration -> Global Configuration
Schimbam cipher default cu urmatorul cipher:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Verificati urmatoarele setari sa fie ca cele din urmatoarea poza:
Pasul 2
Service Configuration -> Apache Configuration -> Include Editor -> “I wish to edit the Pre Main configuration includes…” and select the ‘All Versions’ from the drop down.
Vom adauga urmatorul cod:
Header add Strict-Transport-Security "max-age=31536000" SSLProtocol all -SSLv3 -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Pasul 3
Acum vom face rebuild si restart apache, urmatoarea comanda o vom rula in SSH
/scripts/rebuildhttpdconf ; /scripts/restartsrv_httpd
Acuma vom obtine A+ in SSL Labs
Aveti nevoie de ajutor cu Linux Server sau WordPress?