Let's see what using the old configuration to be more compatible with old browsers does for the ssl test
parent
9477ae66f2
commit
25b8749206
|
@ -17,12 +17,12 @@ SSLEngine on
|
||||||
ServerName just.unglue.it:443
|
ServerName just.unglue.it:443
|
||||||
|
|
||||||
# generated using https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
# generated using https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||||
# intermediate mode
|
# old mode (https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility)
|
||||||
# 2015.03.04 (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled)
|
# 2015.03.05 (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled)
|
||||||
|
|
||||||
SSLProtocol all -SSLv2 -SSLv3
|
SSLProtocol all -SSLv2
|
||||||
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
|
||||||
SSLHonorCipherOrder on
|
SSLHonorCipherOrder on
|
||||||
|
|
||||||
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
|
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
|
||||||
Header always add Strict-Transport-Security "max-age=15768000"
|
Header always add Strict-Transport-Security "max-age=15768000"
|
||||||
|
|
Loading…
Reference in New Issue