C3rd
[ssllabs.com] How to get “A+” on SSL Server test as of "Feb 2021"
Posted: 23 Feb 2021, 5:02am - Tuesday
It's been a while since I last checked my server's SSL configuration. When I did, I got a B. So today, I made the SSL on my server great again! lol
So here's how I did it...
a2enmod headers
Make sure you enable the headers module, which is needed for the "Strict-Transport-Security" header.
Next, edit your ssl.conf. My server is now on Ubuntu 20.04 LTS, not CentOS 7.x anymore, since I'm getting used to it for work. On Ubuntu, the config file is located at: /etc/apache2/mods-available/ssl.conf
#SSLCipherSuite HIGH:!aNULL
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS"
#SSLProtocol all -SSLv3
SSLProtocol TLSv1.2
SSLCompression off
SSLHonorCipherOrder on
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
# Header always set Strict-Transport-Security
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
So that's it, you'll get A+ for that coz I did! :) Cheers!
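To confirm that an ssl.conf really carries the settings above before re-running the SSL Labs test, here is an added example (not from the original post): a small Python audit of the directives this post sets. The function names, the 15552000-second HSTS floor and the constructed WEAK_CONF sample are assumptions of this example, and it only models top-level directives, not per-VirtualHost overrides.

```python
import re
import shlex

LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}
ALL = LEGACY | {"tlsv1.2", "tlsv1.3"}  # expansion of "all" in this simplified model
DEFAULT_PROTOCOL = ["all", "-SSLv3"]  # Apache 2.4.17+ default when SSLProtocol is absent
MIN_HSTS_AGE = 15552000  # assumption: use the max-age from the post as the floor
REQUIRED = {"sslcompression": "off", "sslhonorcipherorder": "on", "sslusestapling": "on"}
# Constructed sample: the post's commented-out defaults made active, short HSTS lifetime
WEAK_CONF = 'SSLProtocol all -SSLv3\nSSLCompression on\nHeader always set Strict-Transport-Security "max-age=300"\n'

def parse(conf_text):
    """Yield (directive, args) per active line; comments and <Container> tags are skipped."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            yield name.lower(), args

def enabled_protocols(tokens):
    """Apply SSLProtocol tokens left to right: a bare name replaces the set, +/- adjusts it."""
    enabled = set()
    for tok in tokens:
        action, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name.lower() == "all" else {name.lower()}
        if action == "-":
            enabled -= group
        else:
            enabled = (enabled if action == "+" else set()) | group
    return enabled

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    seen, findings, hsts_age = {}, [], None
    for name, args in parse(conf_text):
        if name == "header" and "strict-transport-security" in map(str.lower, args):
            match = re.search(r"max-age=(\d+)", args[-1])
            hsts_age = int(match.group(1)) if match else 0
        else:
            seen[name] = args  # last occurrence wins in this model
    legacy = enabled_protocols(seen.get("sslprotocol") or DEFAULT_PROTOCOL) & LEGACY
    if legacy:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    for directive, want in REQUIRED.items():
        got = (seen.get(directive) or ["<unset>"])[0].lower()
        if got != want:
            findings.append(f"{directive} is {got}, expected {want}")
    if hsts_age is None or hsts_age < MIN_HSTS_AGE:
        findings.append(f"HSTS max-age is {hsts_age}, expected at least {MIN_HSTS_AGE}")
    return findings
```

Calling `audit(open("/etc/apache2/mods-available/ssl.conf").read())` on the configuration from this post returns an empty list, while `audit(WEAK_CONF)` lists each setting that still differs.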
Implemented on my personal projects: