How to properly configure SSL on apache?

T

trukhachev2015-03-10 21:47:12

Apache HTTP Server

trukhachev, 2015-03-10 21:47:12

I'm setting up SSL for the first time, I did everything according to the instructions. At first glance, everything seems to be working, so I decided to check the site through the https://www.ssllabs.com service. As a result, the service gave me "F", where "Protocol Support - 0" and "POODLE (SSLv3) Vulnerable INSECURE"
The settings for the server that I made.
For port 80 I set up a forwarding (/etc/apache2/sites-enabled/000-default.conf)

<VirtualHost *:80>

ServerName www.domen.ru
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

Settings for 443 (/etc/apache2/sites-enabled/domen_vhosts.conf):

<VirtualHost IP:443>
  DocumentRoot /home/agent/domen.ru/http
  CustomLog /var/log/apache2/agent/domen.ru/access.log combined
  ErrorLog /var/log/apache2/agent/domen.ru/error.log
  <IfModule peruser.c>
    ServerEnvironment agent agent
    Processor agent agent
  </IfModule>
  <IfModule mod_suexec.c>
    SuexecUserGroup agent agent
  </IfModule>
  <IfModule mod_suexec>
    SuexecUserGroup agent agent
  </IfModule>
  <IfModule mpm_itk_module>
    # Ubuntu 14
    AssignUserID agent agent
  </IfModule>
  ServerName www.domen.ru
  ServerAlias domen.ru
  Alias /.awstats/icon /usr/share/webapps/awstats/6.9/htdocs/icon
  
        SSLEngine On
        SSLProtocol all -SSLv2
  SSLCertificateFile /usr/local/Panel/data/ssl/www.domen.ru.crt
  SSLCertificateKeyFile /usr/local/Panel/data/ssl/private.key
</VirtualHost>

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

Nikolai Korabelnikov, 2015-03-11
@trukhachev

First you need to disable SSLv3 (and preferably TLSv1 - but here you may lose clients that do not support TLS higher than version 1).
Try this service:
https://mozilla.github.io/server-side-tls/ssl-conf...