Created
May 21, 2015 12:46
-
-
Save subaddiction/d618d5f7f23ba0444f95 to your computer and use it in GitHub Desktop.
LOGJAM mitigation for Apache 2.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This mod_ssl configuration mitigates the LOGJAM attack on apache versions | |
| # in which the "SSLOpenSSLConfCmd DHParameters" directive was not yet implemented. (< 2.4) | |
| # This configuration mitigates the attack avoiding the use of DHE ciphers | |
| # Test here: https://weakdh.org/sysadmin.html | |
| <IfModule mod_ssl.c> | |
| SSLProtocol all -SSLv2 -SSLv3 | |
| SSLCompression off | |
| SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA | |
| SSLHonorCipherOrder on | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
which browsers would not be compatible with this CipherSuite?