Created
May 21, 2015 12:46
LOGJAM mitigation for Apache 2.2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This mod_ssl configuration mitigates the LOGJAM attack on apache versions | |
# in which the "SSLOpenSSLConfCmd DHParameters" directive was not yet implemented. (< 2.4) | |
# This configuration mitigates the attack avoiding the use of DHE ciphers | |
# Test here: https://weakdh.org/sysadmin.html | |
<IfModule mod_ssl.c> | |
SSLProtocol all -SSLv2 -SSLv3 | |
SSLCompression off | |
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA | |
SSLHonorCipherOrder on | |
</IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
which browsers would not be compatible with this CipherSuite?