Changes between Initial Version and Version 1 of webserver


Ignore:
Timestamp:
Sep 14, 2015, 9:17:35 AM (4 years ago)
Author:
nik
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • webserver

    v1 v1  
     1= Web Server =
     2
     3== SSL 보안 ==
     4
     5* Qualys에서 SSL 관련 test를 online으로 해볼 수 있다 : https://www.ssllabs.com/ssltest/index.html
     6* nGinx의 경우, 아래의 config를 사용해보자.
     7{{{
     8server {
     9        listen 443;
     10        server_name 웹사이트이름;
     11
     12        ssl     on;
     13        ssl_certificate         /인증서.crt;
     14        ssl_certificate_key     /개인키.key;
     15        ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
     16        ssl_ciphers     "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
     17        ssl_prefer_server_ciphers       on;
     18        ssl_session_cache       shared:SSL:10m;
     19        ssl_dhparam             dhparam.pem 경로; # (요건 openssl dhparam -out dhparam.pem 4096 으로 생성 가능)
     20        ssl_stapling            on;
     21        add_header              Strict-Transport-Security "max-age=15768000; includeSubdomains;";
     22}
     23}}}