enterprise-support team mailing list archive

Thread
Date

[Bug 1358305] [NEW] harden default ssl settings

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Christoph_vW <Christoph@xxxxxxxxxxxx>
Date: Mon, 18 Aug 2014 14:01:57 -0000
Reply-to: Bug 1358305 <1358305@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Apache 2 default ssl configuration should be hardened to get better
overall ssl security

my proposal:

/etc/apache2/mods-available/ssl.conf

SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA

SSLProtocol all -SSLv2 -SSLv3


SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1358305

Title:
  harden default ssl settings

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1358305/+subscriptions

Follow ups

[Bug 1358305] Re: harden default ssl settings
From: Launchpad Bug Tracker, 2014-11-26
[Bug 1358305] [NEW] harden default ssl settings
From: Christoph_vW, 2014-08-18

References

[Bug 1358305] [NEW] harden default ssl settings
From: Christoph_vW, 2014-08-18