Reading so much about malware, security issues in software, hackers and the NSA affairs, I am also aware that it is crucial to secure any digital device and to protect your own data. Encryption of connections between client and server is an essential part of this. Of course, it may be hard to achieve perfect security, but often security issues stem from a lack of knowledge or from someone not having the time to do things right.
Qualys is a company well known for its security work, and in particular for TLS/SSL. They offer the SSL Server Test, which grades the effective security of your server's TLS configuration. Simply enabling SSL is not enough: recent vulnerabilities like the FREAK attack show that it can be hard to find a configuration that gives you the best currently known encryption, because the protocol versions and cipher suites a server offers matter as much as the certificate itself.
As many applications use HTTP as their transport protocol, and it is the protocol for browsing the web, it is important to get the encryption right on your webserver. The following configuration for the Apache webserver (mod_ssl, plus mod_headers for the HSTS header) gave this server an A+ ranking at the Qualys SSL Server Test at the time of writing; the grading criteria are tightened as attacks improve, so re-test after every change.
# Enable TLS for this virtual host and point mod_ssl at the certificate and private key.
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/certificate.key

# Allow every protocol version except the obsolete and broken SSLv2 and SSLv3.
SSLProtocol all -SSLv2 -SSLv3

# HTTP Strict Transport Security for six months (15768000 s); needs mod_headers.
# "always set" applies the header to every response, error pages included, without duplicates.
Header always set Strict-Transport-Security "max-age=15768000"

# Use the server's preference order, so any client that supports (EC)DH gets forward secrecy.
SSLHonorCipherOrder on

# Ephemeral (EC)DH suites first, AES-GCM preferred; plain RSA key exchange and 3DES only as a fallback.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
The configuration not only disables insecure protocols and cipher suites but also gives you perfect forward secrecy: with SSLHonorCipherOrder on, the ephemeral (EC)DH suites at the front of the list are chosen for every client that supports them, so a later compromise of the server's private key does not expose recorded sessions. The plain RSA key-exchange suites at the end of the list, like the 3DES suites, are only a fallback for old clients and are the weakest part of the configuration; drop them once you no longer need to serve such clients. Below you will find an image of the test results for this webserver.
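Before running the Qualys test, the properties the post relies on (no SSLv2/SSLv3, server-side cipher ordering, forward-secret suites ranked above plain RSA, HSTS of at least six months) can be checked offline against the snippet itself. The following checker is an added example written for this page, not code from the original post or from Apache. It assumes that SSLProtocol "all" expands to SSLv3 and TLS 1.0 to 1.2 (Apache 2.4 with OpenSSL 1.0.1 or later), that a cipher group's key-exchange prefix alone decides forward secrecy, and that 180 days is the HSTS threshold Qualys documented for A+; the directives embedded in APACHE_SSL_CONF are the ones from the post, copied in as constructed sample input.

```python
"""Offline sanity check for the Apache mod_ssl directives listed above (added example)."""
import re
import shlex

# Constructed sample input: the directives from the post, one per line.
APACHE_SSL_CONF = """
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/certificate.key
SSLProtocol all -SSLv2 -SSLv3
Header add Strict-Transport-Security "max-age=15768000"
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
"""

# Assumption: what "all" expands to in Apache 2.4 with OpenSSL 1.0.1+ (SSLv2 is gone in 2.4,
# so "-SSLv2" is harmless there; it still matters on Apache 2.2).
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
INSECURE_PROTOCOLS = {"SSLv2", "SSLv3"}
# Key-exchange prefixes in an OpenSSL cipher string that yield ephemeral session keys.
PFS_KEY_EXCHANGE = {"ECDH", "ECDHE", "EECDH", "kEECDH", "DH", "DHE", "EDH", "kEDH"}
LEGACY_CIPHERS = ("3DES", "RC4")
SIX_MONTHS = 180 * 24 * 3600   # assumed Qualys A+ requirement: HSTS max-age >= 180 days


def parse_directives(conf):
    """Return a list of (directive, args) pairs; comments and blank lines are skipped."""
    out = []
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, rest = line.partition(" ")
            out.append((name, shlex.split(rest)))
    return out


def enabled_protocols(tokens):
    """Expand an SSLProtocol value such as ['all', '-SSLv2', '-SSLv3'] into the enabled set."""
    enabled = set()
    for tok in tokens:
        if tok.lower() == "all":
            enabled |= ALL_PROTOCOLS
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled


def cipher_groups(spec):
    """Split an OpenSSL cipher string into ordered preference groups and '!' exclusions."""
    parts = spec.split(":")
    prefs = [g for g in parts if not g.startswith("!")]
    excluded = [g[1:] for g in parts if g.startswith("!")]
    return prefs, excluded


def forward_secret(group):
    """True if the group's key exchange is (EC)DH, i.e. session keys are ephemeral."""
    return group.split("+")[0] in PFS_KEY_EXCHANGE


def hsts_max_age(directives):
    """Pull max-age out of the Strict-Transport-Security Header directive, or None if absent."""
    for name, args in directives:
        if name == "Header" and "Strict-Transport-Security" in args:
            m = re.search(r"max-age=(\d+)", " ".join(args))
            if m:
                return int(m.group(1))
    return None


def check_config(conf):
    """Return a list of problems; an empty list means the snippet passes every check here."""
    directives = parse_directives(conf)
    d = dict(directives)   # later duplicates win, which is fine for this snippet
    problems = []
    bad = enabled_protocols(d.get("SSLProtocol", ["all"])) & INSECURE_PROTOCOLS
    if bad:
        problems.append("insecure protocols enabled: " + ", ".join(sorted(bad)))
    if d.get("SSLHonorCipherOrder", ["off"])[0].lower() != "on":
        problems.append("SSLHonorCipherOrder is off: the client picks the suite, PFS not guaranteed")
    prefs, excluded = cipher_groups(d.get("SSLCipherSuite", [""])[0])
    pfs_flags = [forward_secret(g) for g in prefs]
    if False in pfs_flags and True in pfs_flags[pfs_flags.index(False):]:
        problems.append("a forward-secret cipher group is ranked below a plain-RSA one")
    if "aNULL" not in excluded:
        problems.append("anonymous (aNULL) suites are not excluded")
    age = hsts_max_age(directives)
    if age is None or age < SIX_MONTHS:
        problems.append("HSTS header missing or max-age below 180 days")
    return problems


def legacy_groups(conf):
    """Cipher groups that still offer a legacy cipher (3DES/RC4), kept only for old clients."""
    prefs, _ = cipher_groups(dict(parse_directives(conf)).get("SSLCipherSuite", [""])[0])
    return [g for g in prefs if any(c in g for c in LEGACY_CIPHERS)]


if __name__ == "__main__":
    found = check_config(APACHE_SSL_CONF)
    print("OK" if not found else "\n".join(found))
    print("legacy fallback groups:", legacy_groups(APACHE_SSL_CONF))
```

The checker reports the 3DES groups separately rather than failing on them, because the post keeps them deliberately as a fallback; the checks that do fail are the ones that would cost the forward-secrecy property or the A+ grade outright. Running it on the same snippet with SSLHonorCipherOrder off or with SSLv3 left enabled produces a problem line for each.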