Security/Server Side TLS: Difference between revisions

Line 278: Line 278:
== Apache ==
== Apache ==


Apache + mod_ssl is suitable for SSL termination. Only Apache 2.4+ & recent versions of OpenSSL support TLSv1.1 and TLSv1.2 in the SSLProtocol parameter. Also, only Apache 2.4 honors the SSLCipherSuit correctly. Make sure to test your setup before deploying.
In Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter.
Note that, As of Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter.
The configuration below is recommended, it enabled OCSP stapling.
 
<pre>
<pre>
<VirtualHost *:443>
<VirtualHost *:443>
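Review bot: the reworded DH sentence ("Note that, As of Apache 2.4.6, ...") capitalises "As" after a comma; starting it directly with "As of Apache 2.4.6, the DH parameter is always set to 1024 bits ..." reads cleanly and loses nothing. In the paragraph above it, "SSLCipherSuit" should be spelled SSLCipherSuite so it matches the mod_ssl directive, and "it enabled OCSP stapling" should read "it enables OCSP stapling". Because the text says the 1024-bit DH parameter cannot be changed in 2.4.6, the section should also say what that means for any DHE suites in the recommended configuration, so readers do not assume the cipher list alone determines key-exchange strength.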