
Posts Tagged ‘ssl’

How to get an A+ on Qualys SSL Labs Server Test (Apache)

27 Nov 2015

The SSL Server Test by Qualys SSL Labs is an easy way to determine how secure your SSL setup actually is.

You can run the test at: https://www.ssllabs.com/ssltest/

This is the score for this domain/server:

MoBeigi.com SSL Server Test

How to get an A+ score on an Apache HTTP server

The default Apache configuration for websites running HTTPS leaves your setup vulnerable to a variety of attacks, so you will need to modify the configuration file for your SSL-enabled website.

First navigate to the httpd.conf file and open it in your favourite text editor. In my case this file was located at: /etc/httpd/conf

Navigate to the VirtualHost line that corresponds to the SSL-enabled website.

Here is where we add all our configuration options. I’m not going to explain what each option does, but do research that if it interests you.

The important configuration options we set are: SSLProtocol (disable SSLv2 and SSLv3), SSLHonorCipherOrder (BEAST attack), SSLCipherSuite (support a wide range of secure protocols) and HTTP Strict Transport Security. Obviously, replace the placeholder paths, server name (example.com) and file names.
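
A VirtualHost that sets the four options named above, given as an added example and not the post's original configuration. The paths, the example.com names, the cipher list and the HSTS max-age value are assumptions to adapt to your own server.

```apache
# Added example, not the author's original block.
# Placeholder values: example.com, all /path/to/... entries, DocumentRoot.
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /path/to/example.com/htdocs

    SSLEngine on
    SSLCertificateFile    /path/to/example.com.crt
    SSLCertificateKeyFile /path/to/example.com.key

    # Disable SSLv2 and SSLv3; the TLS versions the build supports stay on.
    SSLProtocol all -SSLv2 -SSLv3

    # Make the server's cipher preference order win over the client's
    # (the option the post associates with the BEAST attack).
    SSLHonorCipherOrder on

    # Assumed cipher list: forward-secret AEAD suites only, in preference
    # order. Widen it only if you must serve older clients.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

    # HTTP Strict Transport Security. Needs mod_headers to be loaded.
    # max-age is in seconds (one year here, an assumed value); browsers
    # will refuse plain HTTP for this host until it expires, so confirm
    # HTTPS works everywhere before sending it.
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    </IfModule>
</VirtualHost>
```

Check the syntax with `apachectl configtest` before restarting, so a typo does not take the site down.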

That’s it!
Now restart your Apache server (service httpd restart) and run the test.


Posted in Server Management