正确部署安全的SSL站点的配置文件

下面为转载内容:

nginx 

ssl_ciphers "AES128+EECDH:AES128+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000;";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_session_tickets off; 
    

        ssl_stapling on; # Requires nginx >= 1.3.7 
    


    

        ssl_stapling_verify on; # Requires nginx => 1.3.7 
    


    

        resolver 8.8.8.8 8.8.4.4 valid=300s;
    

resolver_timeout 5s;

Apache

SSLCipherSuite AES128+EECDH:AES128+EDH 

SSLProtocol All -SSLv2 -SSLv3 

SSLHonorCipherOrder On 

SSLSessionTickets Off 

Header always set Strict-Transport-Security "max-age=63072000;" 

Header always set X-Frame-Options DENY 

Header always set X-Content-Type-Options nosniff 

# Requires Apache >= 2.4 

SSLCompression off 

SSLUseStapling on 

SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

Lighttpd 

    

        ssl.honor-cipher-order = "enable" 
    


    

        ssl.cipher-list = "AES128+EECDH:AES128+EDH" 
    


    

        ssl.use-compression = "disable" 
    


    

        setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=63072000;", "X-Frame-Options" => "DENY", "X-Content-Type-Options" => "nosniff" )
    


    

        ssl.use-sslv2 = "disable" 
    


    

        ssl.use-sslv3 = "disable"

请注意,部分配置有版本限制,如果您正在使用的版本为非指定版本。请把相关配置代码删除。

| 0个评论