[eduVPN-deploy] updated TLS ciphers for Apache web server
François Kooman
fkooman at tuxed.net
Fri Oct 11 10:49:17 CEST 2019
Hi all,
Mozilla updated their TLS server configuration tool [1], and now lists
some different ciphers and web server configuration directives for Apache.
Feel free to update the configuration on your server. As of now, THERE
IS **NO** IMMEDIATE NEED TO DO THIS, except silence an "ssllabs.com"
weak cipher warning.
I updated the "ssl.conf" templates [2] that get installed when running
the deploy_${DIST}.sh scripts.
You can (manually) copy the ssl.conf (CentOS), ssl.fedora.conf (Fedora)
to /etc/httpd/conf.d/ssl.conf assuming you did not modify your
configuration because of port sharing [3]. On Debian you can copy
ssl.debian.conf to /etc/apache2/mods-available/ssl.conf.
Do not forget to restart Apache (systemctl restart httpd on
CentOS/Fedora, or systemctl restart apache2 on Debian).
Let me know if you have any questions!
Regards,
François
[1] https://ssl-config.mozilla.org/
[2] https://github.com/eduvpn/documentation/tree/v2/resources
[3] https://github.com/eduvpn/documentation/blob/v2/PORT_SHARING.md
More information about the eduVPN-deploy
mailing list