On 26.04.2017 08:58, Nicolas Kovacs wrote:
> Hi,
>
> I'm currently experimenting with a public server running CentOS 7. I
> have half a dozen production servers all running Slackware Linux, and I
> intend to progressively migrate them to CentOS, for a host of reasons
> (support cycle, package availability, SELinux, etc.) But before doing
> that, I have to figure out a few things that work differently under
> CentOS. Apache and SSL behave quite differently under these two
> distributions.
>
> So far, Apache is running fine with HTTP and hosts a series of virtual
> hosts.
>
> I have installed Certbot and created a Let's Encrypt certificate for the
> server.
>
> I have a "dummy" website under /var/www/html/default/html.
>
> I installed mod_ssl and only edited the following directives in
> /etc/httpd/conf.d/ssl.conf. I kept the default options for everything else.
>
> --8<------------------------------------------------
> ...
> DocumentRoot "/var/www/html/default/html"
> ServerName sd-41893.dedibox.fr:443
> ...
> SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem
> --8<------------------------------------------------
>
> After restarting Apache, the website shows up correctly.
>
> https://sd-41893.dedibox.fr/
>
> But when I test it using Qualys SSL Labs Server Test, the results are a
> disappointment.

with this:

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!SSLv2:+SSLv3:!3DES:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'
SSLHonorCipherOrder on
SSLStrictSNIVHostCheck on

you get Grade A+
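
Added example, not part of the original thread or of either poster's configuration: a small Python lint that checks mod_ssl directives like the ones in the reply above for enabled SSLv2/SSLv3, a missing SSLHonorCipherOrder, and weak cipher keywords that are not removed with "!". The function names, the expansion of "all" to include SSLv3, and WEAK_CONF are assumptions or constructed for illustration.

```python
WEAK_PROTOCOLS = {"sslv2", "sslv3"}
# Assumption: "all" (also used when SSLProtocol is absent) still includes SSLv3.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
# Cipher keywords the reply's SSLCipherSuite removes with "!".
MUST_EXCLUDE = {"aNULL", "eNULL", "EXP", "LOW", "RC4", "3DES", "MD5"}
# The directives from the reply, verbatim.
HARDENED_CONF = """
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!SSLv2:+SSLv3:!3DES:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'
SSLHonorCipherOrder on
SSLStrictSNIVHostCheck on
"""
# Constructed sample of a weaker configuration, for comparison.
WEAK_CONF = """
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
"""

def parse_directives(conf):
    """Return {lowercased directive: value}; the last occurrence wins."""
    found = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("<"):
            found[parts[0].lower()] = parts[1].strip().strip("'\"")
    return found

def enabled_protocols(value):
    enabled = set()
    for tok in value.lower().split():  # tokens are applied left to right
        name = tok.lstrip("+-")
        group = set(ALL) if name == "all" else {name}
        if tok[0] == "-":
            enabled -= group
        else:  # "+" adds; a bare token replaces what was set before
            enabled = enabled | group if tok[0] == "+" else group
    return enabled

def audit(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    d, findings = parse_directives(conf), []
    weak = enabled_protocols(d.get("sslprotocol", "all")) & WEAK_PROTOCOLS
    if weak:
        findings.append("weak protocol enabled: " + ", ".join(sorted(weak)))
    if d.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on")
    banned = {t[1:] for t in d.get("sslciphersuite", "").split(":") if t.startswith("!")}
    if missing := MUST_EXCLUDE - banned:
        findings.append("not excluded with '!': " + ", ".join(sorted(missing)))
    return findings
```

The cipher check is a conservative lint on the directive text: a keyword that is not excluded with "!" is reported even if the rest of the string would not select it.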