Commit

Fix demo1 weak TLS config
mrvanes committed Jul 1, 2024
1 parent ac956a8 commit f886cc9
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions roles/demo-apache/templates/apache.conf.j2
Expand Up @@ -17,6 +17,11 @@
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/{{demo_hosts.demo1}}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{demo_hosts.demo1}}/privkey.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"
{% endif %}
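
Review bot: The SSLCipherSuite line ends with four CBC-mode suites (ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256) after the AEAD entries. Since `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` already limits this vhost to TLS 1.2 and later, consider dropping them and keeping only the GCM and CHACHA20-POLY1305 suites, or add a comment naming the client that still needs the CBC fallback. The new directives also sit inside the conditional closed by `{% endif %}`, so if this template renders other TLS vhosts they keep the previous defaults; placing the settings in a shared scope would cover them too. As a style point on the context line, the Strict-Transport-Security value has a trailing semicolon after `preload` that can be removed.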