[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Securing apache

Hi all,


Ok, a site I have inherited that is running debian (7.4) is running Apache, and a test of the SSL for that site reveals a few issues I'd like to address.

First, the site checker I was using is:


The general results (and recommendations) are:

Disable weak cipher suites:
"Use only cipher suites that have authentication and encryption of 128-bit or higher."

Disable SSLv3

Enable 'Strict-Transport-Security'

Enable 'SPDY'

These all sound like good things to do, but I'm unsure of exactly how to accomplish them, and where...

Thx for any help...

Reply to: