Softaculous


Topic: Obsolete OpenSSL OpenSSL/1.0.2t used by Webuzo. You need to update it!



Posted By: peopleinside on October 14, 2020, 12:01 pm | Post: 15
Quote From : kulonuwun October 14, 2020, 11:55 am
IT WORKS. Now I get A Grade at SSL Labs

So I just added the line below at the end of the apache2 configuration, then restarted the server.

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Anyway, thanks for your help. I really appreciate it.

I'm glad and happy to read you have resolved it. If you want to get an A+ score, you need to add some extra Apache config for each domain you want to protect.
You can add extra Apache config from the Webuzo home, at the top left of the panel. The extra config should be a txt file on your PC that is uploaded through the Webuzo interface and should contain:
Code
# Guarantee HTTPS for 2 years (max-age=63072000 seconds)


Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
# Header always set Strict-Transport-Security "max-age=63072000;"

#Header always set Content-Security-Policy "upgrade-insecure-requests;"


    Header set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS


Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"

Adding extra config is good, but if for some reason you need to uninstall Apache, remember that before doing so you need to remove all extra Apache config; otherwise, once you install Apache on your server again, it will fail to load until you clean out all the extra Apache config.
This is bad behaviour of Webuzo in my opinion, as I think extra config should be removed with Apache if Apache is removed, or Apache will fail to load.


-----------------------
PeopleInside

Web, security, open source passionate.
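
An added example, not part of the original post or of Webuzo: a Python check that runs the post's two Set-Cookie edit patterns over constructed cookie values and audits a header set for the HSTS, CSP and cookie flags the post configures. The function names, the sample headers and the one-year minimum for max-age are assumptions made for this illustration.

```python
import re

# The two patterns from the post's "Header always edit Set-Cookie" lines;
# the replacement uses Python's \1 where Apache writes $1.
COOKIE_EDITS = [
    (re.compile(r"(?i)^((?:(?!;\s?HttpOnly).)+)$"), r"\1; HttpOnly"),
    (re.compile(r"(?i)^((?:(?!;\s?secure).)+)$"), r"\1; secure"),
]
MIN_HSTS_AGE = 31536000  # assumed minimum for this check: one year in seconds

def harden_cookie(value):
    """Append each flag only when the negative lookahead finds it absent."""
    for pattern, repl in COOKIE_EDITS:
        value = pattern.sub(repl, value, count=1)
    return value

def audit(headers):
    """Return findings for a list of (name, value) response header pairs."""
    findings, by_name = [], {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS header missing")
    else:
        m = re.search(r"(?i)max-age\s*=\s*(\d+)", hsts[0])
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age missing or under one year")
    csp = ";".join(by_name.get("content-security-policy", [])).lower()
    if "upgrade-insecure-requests" not in csp:
        findings.append("CSP lacks upgrade-insecure-requests")
    for cookie in by_name.get("set-cookie", []):
        name, *attrs = [part.strip() for part in cookie.split(";")]
        for flag in ("httponly", "secure"):
            if flag not in (a.lower() for a in attrs):
                findings.append(f"cookie {name.split('=')[0]} lacks {flag}")
    return findings

# Constructed sample headers (not captured from a real server).
BEFORE = [("Set-Cookie", "sid=abc123; Path=/"),
          ("Set-Cookie", "lang=en; Secure; HttpOnly")]
AFTER = [("Strict-Transport-Security", "max-age=63072000; includeSubdomains;"),
         ("Content-Security-Policy", "upgrade-insecure-requests"),
         *[("Set-Cookie", harden_cookie(v)) for _, v in BEFORE]]

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

The same `audit` function can be fed the header pairs of a real response from your own site after uploading the extra config, to confirm the directives took effect.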
