Securing apache

To: Debian Users ML <debian-user@lists.debian.org>
Subject: Securing apache
From: Tanstaafl <tanstaafl@libertytrek.org>
Date: Mon, 21 Apr 2014 12:54:34 -0400
Message-id: <[🔎] 53554D4A.1050303@libertytrek.org>

Hi all,

Noob-alert!

Ok, a site I have inherited that is running debian (7.4) is runningApache, and a test of the SSL for that site reveals a few issues I'dlike to address.


First, the site checker I was using is:

https://sslcheck.globalsign.com/en_US

The general results (and recommendations) are:

Disable weak cipher suites:

"Use only cipher suites that have authentication and encryption of128-bit or higher."


Disable SSLv3

Enable 'Strict-Transport-Security'

Enable 'SPDY'

These all sound like good things to do, but I'm unsure of exactly how toaccomplish them, and where...


Thx for any help...

Reply to:

Follow-Ups:
- Re: Securing apache
  - From: Jochen Spieker <ml@well-adjusted.de>

Prev by Date: Re: Debian Noob and MSCORE fonts
Next by Date: Re: auto blanking screen is not working
Previous by thread: Re: Debian system as an internet security gateway
Next by thread: Re: Securing apache
Index(es):
- Date
- Thread