Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Apache 2.4 SSL config for A+ on SSLLabs.com
OLD stuff. This was not enough for an A+ anymore.
@ibrahim87

This comment has been minimized.

Copy link

commented Mar 2, 2016

very good

@angshumancn

This comment has been minimized.

Copy link

commented Jul 5, 2016

Does the above keyword support Apache/2.2.22 ?

@DarkLogicX

This comment has been minimized.

Copy link

commented Jul 28, 2016

Where is the "Default-SSL.conf" file?

Also when I put "SSLStaplingCache shmcb:/tmp/stapling_cache(128000)" in the SSL.conf file (the one in Httpd/conf.d/) httpd wouldn't start.

@cofifield

This comment has been minimized.

Copy link

commented Aug 29, 2016

Great Info

@zachariahtimothy

This comment has been minimized.

Copy link

commented Aug 28, 2017

Just used this, thanks for sharing! I omitted the public key pins and still received A+.

@cristiroma

This comment has been minimized.

Copy link

commented May 15, 2018

I'm not entirely sure below is correct, but using suggested config SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 - triggers https://www.whynopadlock.com/ to show warning that TLSv1 is enabled - which is not good. We are using SSLProtocol TLSv1.2 which is the current standard with upcoming TLSv1.3.

@RavSS

This comment has been minimized.

Copy link

commented Jun 30, 2018

I would avoid configuring HPKP which is the Header set Public-Key-Pins... line, it's depreciated and can cause serious downtime if you fail to use it correctly, like if you don't have backup certificates. E.g. Chrome 67 (and Google altogether) recently dropped support for it, and the end user has to enable it manually via Chrome flags. TLSv1 still might be required if you need to support older browsers and devices like IE10 and Android 4.3 or below versions.

@emilas44

This comment has been minimized.

Copy link

commented Jul 29, 2019

This does not give A+ anymore!

@hroling

This comment has been minimized.

Copy link
Owner Author

commented Jul 29, 2019

This does not give A+ anymore!

True. I will delete this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.