Quote From : kulonuwun October 14, 2020, 11:55 am IT WORKS. Now I get A Grade at SSL Labs
So i just add below line at the end of apache2 configuration then restart server.
SSLCipherSuite
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 HE-RSA-AES128-GCM-SHA256 HE-RSA-AES256-GCM-SHA384
Anyway, thanks for your help. I really appreciate it.
I'M glad and happy to read you have resolved.If you wanna get an A+ score you need add some extra Apache config for each domain you wanna protect.
You can add extra apache config from the Webuzo home on left top of the panel.Extra config should be a txt file on your PC that is uploaded by Webuzo interface and should have inside:
Code # Guarantee HTTPS for 1 Year
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
# Header always set Strict-Transport-Security "max-age=63072000;"
#Header always set Content-Security-Policy "upgrade-insecure-requests;"
Header set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS
Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
Adding extra config is good but if you need for some reason unistall Apache need to remember before do that you need remove all Extra Apache config or once you install again Apache on your server will fail to load until you do not clean all extra apache config.
This is a bad behaviour of Webuzo on my opinion as I think extra config should be removed with Apache if Apache is removed or Apache will fail to load.
----------------------- PeopleInside
Web, security, open source passionate.
|