For When You Can't Have The Real Thing


Created by dave. Last edited by dave, 72 days ago.

Sample ssl.conf for Apache 2.4.34 on Fedora 28

Comments and shit stripped out

This config gives me an A from Qualys SSL Labs

Listen 443 https
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCertificateFile /etc/ssl/certs/
SSLCertificateKeyFile /etc/ssl/certs/
SSLCertificateChainFile /etc/ssl/certs/
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
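An added example (not part of the original page) that works out which protocols the SSLProtocol line above leaves enabled and checks the three response headers, so the settings can be re-checked after an edit or an upgrade. Assumptions: the expansion of "All" in ALL_PROTOCOLS follows the mod_ssl documentation for a build without TLS 1.3 and should be adjusted for other builds, and the one-year max-age floor is the hstspreload.org submission requirement.

```python
import re
# Assumption: what "All" expands to depends on the httpd/OpenSSL build. This
# default follows the mod_ssl docs for OpenSSL 1.0.1+ built without TLS 1.3.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}

def effective_protocols(spec, all_protocols=ALL_PROTOCOLS):
    """Evaluate SSLProtocol arguments left to right: + adds, - removes, bare replaces."""
    enabled = set()
    for token in spec.lower().split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = {p.lower() for p in all_protocols} if name == "all" else {name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = names
    return enabled

def audit(conf, all_protocols=ALL_PROTOCOLS):
    """Return (enabled protocols in lowercase, findings) for the directives this page sets."""
    m = re.search(r"^\s*SSLProtocol\s+(.+)$", conf, re.M | re.I)
    protocols = effective_protocols(m.group(1), all_protocols) if m else set()
    findings = [] if m else ["SSLProtocol not set; build default applies"]
    findings += [f"legacy protocol enabled: {p}" for p in sorted(protocols & LEGACY)]
    hsts = re.search(r'^\s*Header\s+always\s+set\s+Strict-Transport-Security\s+"([^"]*)"',
                     conf, re.M | re.I)
    value = hsts.group(1).lower() if hsts else ""
    age = re.search(r"max-age=(\d+)", value)
    if not hsts:
        findings.append("Strict-Transport-Security header missing")
    elif "preload" in value and (not age or int(age.group(1)) < 31536000
                                 or "includesubdomains" not in value):
        findings.append("HSTS preload needs max-age>=31536000 and includeSubDomains")
    for name in ("X-Frame-Options", "X-Content-Type-Options"):
        if not re.search(rf"^\s*Header\s+always\s+set\s+{name}\b", conf, re.M | re.I):
            findings.append(f"{name} header missing")
    return protocols, findings

# Directives copied from the config above, then a constructed weaker variant.
PAGE_CONF = '''SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
'''
WEAK_CONF = 'SSLProtocol all -SSLv3\nHeader always set Strict-Transport-Security "max-age=300; preload"\n'
if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(WEAK_CONF))
```

Passing ALL_PROTOCOLS + ("TLSv1.3",) as the second argument shows that the same SSLProtocol line also leaves TLSv1.3 enabled on a build that supports it.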
This is a collection of technical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.
