Created
February 3, 2017 16:25
-
-
Save nanasess/3abaf39dcfb7575138359220564dab6a to your computer and use it in GitHub Desktop.
SSL Server Test で A ランク以上を狙う設定
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LoadModule ssl_module modules/mod_ssl.so | |
| Listen 443 | |
| SSLPassPhraseDialog builtin | |
| SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) | |
| SSLSessionCacheTimeout 300 | |
| SSLMutex default | |
| SSLRandomSeed startup file:/dev/urandom 256 | |
| SSLRandomSeed connect builtin | |
| SSLCryptoDevice builtin | |
| NameVirtualHost *:443 | |
| SSLStrictSNIVHostCheck off ## 重要 | |
| <VirtualHost *:443> | |
| SSLEngine on | |
| ServerName example.org | |
| ServerAdmin webmaster@example.org | |
| DocumentRoot /var/www/html | |
| CustomLog logs/example-access_log combined | |
| ErrorLog logs/example-error_log | |
| SSLProtocol all -SSLv2 -SSLv3 ## 重要 | |
| SSLHonorCipherOrder ON ## 重要 | |
| SSLCipherSuite EECDH+HIGH:EDH+HIGH:HIGH:MEDIUM:+3DES:!ADH:!RC4:!MD5:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!PSK:!SRP:!DSS:!KRB5 ## 重要 | |
| SetEnvIf User-Agent ".*MSIE.*" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem | |
| SSLCertificateChainFile /etc/letsencrypt/live/example.org/chain.pem | |
| Header add Strict-Transport-Security "max-age=15768000" ## 重要だけど注意 | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://www.ssllabs.com/ssltest/ で A ランクを狙う。
apache2.2系