Hi guys.. Im setting up an Apache server implementing SSL aswell. I want the secdurity to be maximized.. We are using Certificate access control and I was wondering what kind of options I want to enable or disable under SSLOptions in the .conf file.. Best Regards
I've setup SSL on Apache on Windows: https://www.computerbb.org/viewtopic.php?f=25&t=2710 <VirtualHost _default_:443> ServerAdmin ccb056@computerbb.org DocumentRoot "C:/vhosts/computerbb/www" ServerName www.computerbb.org:443 ServerAlias computerbb.org:443 ErrorLog "logs/computerbb.error.log" CustomLog "logs/computerbb.access.log" combined SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile "c:/Apache2/conf/ssl/computerbb.der.crt" SSLCertificateKeyFile "c:/Apache2/conf/ssl/computerbb.key" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost> Code (markup):