Tag Archives: ssl

ssllabs.com에서 A+ 받은 Apache / NginX SSL 설정을 공유해드린다. Apache: …. SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite “-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES” SSLCertificateKeyFile /etc/ssl/private/your_website.key SSLCertificateFile /etc/ssl/certs/your_website.crt Header add Strict-Transport-Security “max-age=15768000” ServerTokens ProductOnly ServerSignature Off TraceEnable Off 저장 후 headers 모듈을 활성화하고나서 아파치 서버를 재시작해주면 된다. sudo a2enmod headers && sudo service apache2 restart NginX: server { listen 443 default_server; server_name yourwebsite.com; ssl on; ssl_session_cache shared:SSL:20m; ssl_session_timeout 180m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_certificate /etc/ssl/certs/yourwebsite.pem; ssl_certificate_key /etc/ssl/private/yourwebsite.key; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; ssl_dhparam /etc/nginx/cert/dhparam.pem; add_header Strict-Transport-Security “max-age=31536000”; […]