Rated A+ from QUALYS SSL Labs

This blog gets A+ rating from QUALYS SSL Labs 🙂

A+ rating QUALYS Lab

Many thanks to StartCom® for the free Class 1 SSL certificate. I use Apache as the web server, with the following configuration to support SSL:

Listen  443
LoadModule ssl_module modules/mod_ssl.so
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLCryptoDevice builtin
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
NameVirtualHost *:443

<VirtualHost *:443>
ServerAdmin admin@example.com
SSLEngine on
SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/ssl/2_blog.packetbyte.net.crt
SSLCertificateKeyFile /etc/httpd/ssl/blog.key
SSLCertificateChainFile /etc/httpd/ssl/1_root_bundle.crt
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
DocumentRoot "/var/www/html/wordpress/"
ServerName blog.packetbyte.net
ErrorLog "/var/log/httpd/blog_pb.log"
CustomLog /var/log/httpd/blogpb_access.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
</VirtualHost>
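
The `CustomLog` line in this configuration records the negotiated protocol and cipher for every request. The following is an added example, not the blog author's code: it parses that log format to show which clients still negotiate TLSv1 or the 3DES suites that `SSLProtocol` and `SSLCipherSuite` permit. The legacy lists, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# CustomLog format from the VirtualHost: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<size>\S+)$')

# Assumption of this example: which values count as legacy is chosen here.
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}
LEGACY_CIPHER_MARKERS = ("DES-CBC3",)  # 3DES suites the SSLCipherSuite line still lists

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_legacy(entry):
    return (entry["proto"] in LEGACY_PROTOCOLS
            or any(mark in entry["cipher"] for mark in LEGACY_CIPHER_MARKERS))

def summarize(lines):
    """Count (protocol, cipher) pairs; collect hosts that negotiated legacy TLS."""
    pairs, legacy_hosts, skipped = Counter(), set(), 0
    for line in lines:
        entry = parse_line(line)
        # Apache logs "-" for an empty SSL variable; such lines carry no TLS data.
        if entry is None or entry["proto"] == "-":
            skipped += 1
            continue
        pairs[(entry["proto"], entry["cipher"])] += 1
        if is_legacy(entry):
            legacy_hosts.add(entry["host"])
    return pairs, legacy_hosts, skipped

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '[10/Oct/2015:13:55:36 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 5120',
    '[10/Oct/2015:13:55:37 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /wp-login.php HTTP/1.1" 2048',
    '[10/Oct/2015:13:56:02 +0000] 198.51.100.7 TLSv1 DES-CBC3-SHA "GET / HTTP/1.0" 5120',
    '[10/Oct/2015:13:57:11 +0000] 203.0.113.5 TLSv1 ECDHE-RSA-AES256-SHA "GET /feed/ HTTP/1.1" -',
    '[10/Oct/2015:13:58:40 +0000] 203.0.113.9 - - "-" -',
    'not a log line',
]

if __name__ == "__main__":
    pairs, legacy_hosts, skipped = summarize(SAMPLE)
    for (proto, cipher), n in pairs.most_common():
        print(f"{n:4d}  {proto:8s} {cipher}")
    print("legacy clients:", sorted(legacy_hosts), "skipped:", skipped)
```

If the legacy list stays empty over a representative period of real logs, the older protocol versions and the 3DES suites can be dropped from the configuration without cutting off observed clients.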
