On 26.04.2017 08:58, Nicolas Kovacs wrote:
Hi,
I'm currently experimenting with a public server running CentOS 7. I
have half a dozen production servers all running Slackware Linux, and I
intend to progressively migrate them to CentOS, for a host of reasons
(support cycle, package availability, SELinux, etc.) But before doing
that, I have to figure out a few things that work differently under
CentOS. Apache and SSL behave quite differently under these two
distributions.
So far, Apache is running fine with HTTP and hosts a series of virtual
hosts.
I have installed Certbot and created a Let's Encrypt certificate for the
server.
I have a "dummy" website under /var/www/html/default/html.
I installed mod_ssl and only edited the following directives in
/etc/httpd/conf.d/ssl.conf. I kept the default options for everything else.
--8<------------------------------------------------
...
DocumentRoot "/var/www/html/default/html"
ServerName sd-41893.dedibox.fr:443
...
SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem
SSLCertificateChainFile
/etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem
--8<------------------------------------------------
After restarting Apache, the website shows up correctly.
https://sd-41893.dedibox.fr/
But when I test it using Qualys SSL Labs Server Test, the results are a
disappointment.
with this:
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite
'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!SSLv2:+SSLv3:!3DES:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'
SSLHonorCipherOrder on
SSLStrictSNIVHostCheck on
you get Grade A+
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
