MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Update apache.24.misp.ssl 

StrongCiphers4All! \o/
pull/7389/head
AaronK 2021-05-03 17:17:51 +02:00 committed by GitHub
parent 7528580fb1
commit 40e28176f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
INSTALL/apache.24.misp.ssl
View File

@ -27,8 +27,19 @@
</Directory>
SSLEngine On
# The line below disable unsecure Ciphers, might be enabled by default
# SSLCipherSuite HIGH:!aNULL:!MD5
# StrongCiphers4All! \o/
# This proposal adds strong cipher suites based on the Mozilla recommendations.
# mozilla config generator: https://ssl-config.mozilla.org/#server=apache&version=2.4.29&config=intermediate&openssl=1.1.1&guideline=5.6
# intermediate configuration
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
# enable HTTP/2, if available
Protocols h2 http/1.1
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
@ -51,3 +62,7 @@
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
</VirtualHost>
# strongciphers4All! \o/
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"