Hi every one
after update my certificate i use https://www.ssllabs.com/ssltest to test, it show that i have to disable SSL3, am trying this HOWTO: A+ with all 100%'s on SSL Labs test using apache2.4 (READ WARNINGS) but not working for me.
am using ubuntu 12.04, apache 2.2 and openssl 1.1
any help will be much appreciated
Hi every one
are you really sure you want to do that ?
If it’s a test domain, and very few people need to use it, and you’re doing it for education purposes … then all is good if it’s a life domain, that users want to get to then having all 100’s on ssllabs will block some of your users.
Can you provide a little more info ? are you trying to get to all 100’s ? or just get a good secure site, available to most users ?
What’s the domain name ?
What’s the current apache config for that domain ( pastebin.com is probably the easiest place to paste that )
thank you for reply
it not important to get 100s just good secure will be enough, my domain is mail1.uofk.edu
and this is the apache vhost conf file:
OK, that makes much more sense
https://mozilla.github.io/server-side-tls/ssl-config-generator/ is a good resource
in your above example, I’d start by adding the line
SSLProtocol all -SSLv3
then reload apache and test again
this is great, SSL3 disabled now and my rate become B now
it gave me weak DH, do u think it’s important to increase 1024 bit to 2048?
D to B - that’s good - going in the right direction
Personally I would, yes.
It’s worth using the Mozilla link above to determine which ciphers etc are good for you.
One to be careful with though is
Header always set Strict-Transport-Security “max-age=15768000”
especially if including options like subdomains. Basically it’s forcing your users to always use HTTPS ( which is a good thing ), but only once you have tested and made sure everything is working, otherwise you will block your users from your site
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.