Openssl加固配置-南京廖华答案网

Openssl加固配置下载本文

内容发布更新时间 : 2024/12/28 15:42:06星期一下面是文章的全部内容请认真阅读。

Openssl加固配置

Lvb整理

Apache

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On Header always set Strict-Transport-Security \includeSubdomains; preload\Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff # Requires Apache >= 2.4 SSLCompression off SSLSessionTickets Off SSLUseStapling on SSLStaplingCache \

nginx

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers \ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Requires nginx >= 1.5.9 ssl_stapling on; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 resolver $DNS-IP-1 $DNS-IP-2 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security \includeSubdomains; preload\add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;

Lighttpd

ssl.honor-cipher-order = \ssl.cipher-list = \ssl.use-compression = \setenv.add-response-header = ( \includeSubdomains; preload\ \ \) ssl.use-sslv2 = \ssl.use-sslv3 = \

haproxy

global ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 ssl-default-bind-ciphers AES128+EECDH:AES128+EDH frontend http-in mode http option httplog option forwardfor option http-server-close option httpclose bind 192.0.2.10:80 redirect scheme https code 301 if !{ ssl_fc } frontend https-in option httplog option forwardfor option http-server-close option httpclose rspadd Strict-Transport-Security:\\ max-age=31536000;\\ includeSubdomains;\\ preload rspadd X-Frame-Options:\\ DENY bind 192.0.2.10:443 ssl crt /etc/haproxy/haproxy.pem ciphers AES128+EECDH:AES128+EDH force-tlsv12 no-sslv3

Postfix

smtpd_use_tls=yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_cert_file=/etc/ssl/postfix.cert smtpd_tls_key_file=/etc/ssl/postfix.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1

Word文档下载：Openssl加固配置.doc

搜索更多:Openssl加固配置