
Web Server

SSL 보안

  • Qualys에서 SSL 관련 test를 online으로 해볼 수 있다 : https://www.ssllabs.com/ssltest/index.html
  • nginx의 경우, 아래의 config를 사용해보자.
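    # HTTPS virtual host with a hardened TLS configuration.
    # Replace the placeholder values (server name, certificate, key and
    # dhparam paths) before use, then validate with `nginx -t` and re-run
    # an external TLS scan to confirm the resulting protocol/cipher set.
    server {
            # TLS is enabled on the listening socket itself; the standalone
            # `ssl on;` directive is deprecated (since nginx 1.15.0).
            listen 443 ssl;
            server_name 웹사이트이름;

            ssl_certificate         /인증서.crt;
            # The private key should be readable only by the nginx master user.
            ssl_certificate_key     /개인키.key;

            # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and are no
            # longer offered. Append TLSv1.3 here when the nginx build supports
            # it (nginx >= 1.13.0 linked against OpenSSL 1.1.1 or newer).
            ssl_protocols           TLSv1.2;

            # Forward-secret AEAD suites come first. The 3DES (DES-CBC3) suites
            # were dropped and `!3DES` added: 3DES is a 64-bit block cipher
            # (SWEET32 birthday attacks), and on older OpenSSL the `HIGH` alias
            # would otherwise re-introduce it. `!DES` alone excludes only
            # single DES.
            # NOTE(review): the static-RSA suites (AES256-GCM-SHA384 ... AES128-SHA)
            # are kept for compatibility but provide no forward secrecy; remove
            # them if no client depends on them.
            ssl_ciphers             "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
            # Use the server's ordering above instead of the client's preference.
            ssl_prefer_server_ciphers       on;

            # Session cache shared between worker processes (10 MB zone "SSL").
            ssl_session_cache       shared:SSL:10m;

            # Custom DH group for the DHE suites; it can be generated with
            #   openssl dhparam -out dhparam.pem 4096
            ssl_dhparam             dhparam.pem 경로;

            # OCSP stapling. nginx must be able to resolve the OCSP responder's
            # hostname, so a `resolver` directive is normally required as well;
            # check the error log to confirm that responses are being stapled.
            ssl_stapling            on;

            # HSTS for roughly six months, applied to every subdomain: make sure
            # all subdomains are reachable over HTTPS before enabling this.
            # NOTE(review): without the `always` parameter (nginx >= 1.7.5) the
            # header is not sent on error responses.
            add_header              Strict-Transport-Security "max-age=15768000; includeSubdomains;";
    }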
    
Last modified on Sep 14, 2015, 9:17:35 AM