To get a good grade in ssllabs.com very easy to stay just follow the steps below.
Changes to the file with the command
pico /etc/httpd/conf.d/vhost_domain-name.conf
Find the line: <VirtualHost *: 443>
add below: Strict-Transport-Security "max-age = 63072000;"
or if using SSL wildcard: Strict-Transport-Security "max-age = 63072000; includeSubDomains"
Then see row after: SSLEngine on
If there is no add the following code:
SSLCompression on
SSLHonorCipherOrder on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
see also browse SSLCipherSuite
fox with the following code:
SSLCipherSuite EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!MEDIUM:!SEED:!3DES:!CAMELLIA:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
or try:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Save the file and restart restart Apache with the command: service httpd restart
This additional function so that if anyone browsing using http will be automatically forwarded to the https
pico /home/username/namadomainanda.com/html/.htaccess
Add the following:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond% {HTTPS} off
RewriteRule (. *) Https: //% {HTTP_HOST}% {REQUEST_URI}
</ IfModule>
To test lab https://www.ssllabs.com/ssltest/analyze.html?d= namadomainanda.com
Good luck
Changes to the file with the command
pico /etc/httpd/conf.d/vhost_domain-name.conf
Find the line: <VirtualHost *: 443>
add below: Strict-Transport-Security "max-age = 63072000;"
or if using SSL wildcard: Strict-Transport-Security "max-age = 63072000; includeSubDomains"
Then see row after: SSLEngine on
If there is no add the following code:
SSLCompression on
SSLHonorCipherOrder on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
see also browse SSLCipherSuite
fox with the following code:
SSLCipherSuite EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!MEDIUM:!SEED:!3DES:!CAMELLIA:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
or try:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Save the file and restart restart Apache with the command: service httpd restart
This additional function so that if anyone browsing using http will be automatically forwarded to the https
pico /home/username/namadomainanda.com/html/.htaccess
Add the following:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond% {HTTPS} off
RewriteRule (. *) Https: //% {HTTP_HOST}% {REQUEST_URI}
</ IfModule>
To test lab https://www.ssllabs.com/ssltest/analyze.html?d= namadomainanda.com
Good luck