This blog gets an A+ rating from QUALYS SSL Labs 🙂

Many thanks to StartCom® for the free Class 1 SSL certificate. I use Apache as the web server with the following configuration to support SSL:

Listen 443
LoadModule ssl_module modules/mod_ssl.so
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLCryptoDevice builtin
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
NameVirtualHost *:443

<VirtualHost *:443>
    ServerAdmin admin@example.com
    SSLEngine on
    # Use the server's cipher preference order instead of the client's
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/ssl/2_blog.packetbyte.net.crt
    SSLCertificateKeyFile /etc/httpd/ssl/blog.key
    SSLCertificateChainFile /etc/httpd/ssl/1_root_bundle.crt
    # Disable SSLv2 and SSLv3; all TLS versions stay enabled
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    # HSTS header (the Header directive requires mod_headers)
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    DocumentRoot "/var/www/html/wordpress/"
    ServerName blog.packetbyte.net
    ErrorLog "/var/log/httpd/blog_pb.log"
    # Log the negotiated protocol and cipher with every request
    CustomLog /var/log/httpd/blogpb_access.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>
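
The CustomLog format in this configuration records the negotiated protocol and cipher for every request, which shows which clients still depend on the older fallbacks the cipher list allows (TLSv1, 3DES, RSA suites without forward secrecy) before the list is tightened. The script below is an added example, not part of the original post; the legacy policy set, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The page's CustomLog format: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>.*)" (?P<size>\d+|-)$'
)
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumption: policy choice

def classify(proto, cipher):
    """Return the reasons a negotiated session counts as legacy (empty if none)."""
    reasons = []
    if proto in LEGACY_PROTOCOLS:
        reasons.append("legacy protocol " + proto)
    if "DES-CBC3" in cipher:
        reasons.append("3DES cipher")
    # TLS_ prefix covers TLS 1.3 suite names, which always use ephemeral keys
    if not cipher.startswith(("ECDHE-", "DHE-", "EDH-", "TLS_")):
        reasons.append("no forward secrecy")
    return reasons

def summarize(lines):
    """Tally protocol/cipher pairs and collect legacy findings per client host."""
    pairs, legacy, skipped = Counter(), {}, 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("proto") == "-":
            skipped += 1  # malformed line, or a request without TLS variables
            continue
        proto, cipher = m.group("proto"), m.group("cipher")
        pairs[(proto, cipher)] += 1
        reasons = classify(proto, cipher)
        if reasons:
            legacy.setdefault(m.group("host"), set()).update(reasons)
    return pairs, legacy, skipped

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    '[10/Oct/2015:13:55:36 +0200] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 5120',
    '[10/Oct/2015:13:56:01 +0200] 192.0.2.11 TLSv1 DES-CBC3-SHA "GET /feed/ HTTP/1.1" 812',
    '[10/Oct/2015:13:56:09 +0200] 192.0.2.12 TLSv1.2 AES128-GCM-SHA256 "GET / HTTP/1.1" -',
    'garbage line',
]

if __name__ == "__main__":
    pairs, legacy, skipped = summarize(SAMPLE)
    for host, reasons in sorted(legacy.items()):
        print(host, "->", ", ".join(sorted(reasons)))
    print(dict(pairs), "skipped:", skipped)
```

If the legacy list stays empty over a representative period, the DES-CBC3 and plain RSA entries can be dropped from SSLCipherSuite without cutting off any observed client.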