Empfehlungen für Apache2: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(14 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
=gültig bis ?=
+
=Juli 2021=
 
+
=Vorschlag von Letsencrypt=
 +
DHE-RSA-AES256-SHA256
  
 
{| class="wikitable"
 
{| class="wikitable"
 
|Symmetrische Verschlüsselung
 
|Symmetrische Verschlüsselung
|aes256
+
|AES128-GCM
 +
|AES256-GCM
 +
|CHACHA20-POLY130
 
|-
 
|-
 
|Asymmetrische Verschlüsselung
 
|Asymmetrische Verschlüsselung
|aes256
+
|RSA
 +
|ECDSA
 +
|
 
|-
 
|-
 
|Hash Algorythmus
 
|Hash Algorythmus
|sha256
+
|SHA256
 +
|SHA384
 +
|
 
|-
 
|-
|Diffie Helman Gruppe 16
+
|Diffie Hellman
|modp4096
+
|DHE
 +
|ECDHE
 +
|
 
|}
 
|}
<pre>
+
 
 
SSLEngine on
 
SSLEngine on
 +
 
SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 
SSLProtocol            all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+
 
 +
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
 +
 
 
SSLHonorCipherOrder    on
 
SSLHonorCipherOrder    on
 +
 +
SSLCompression          off
 +
 +
SSLSessionTickets off
 +
 
SSLCompression          off
 
SSLCompression          off
  
 
SSLOptions +StrictRequire
 
SSLOptions +StrictRequire
</pre>
+
 
 +
=Glossar=
 +
*EC - [https://de.wikipedia.org/wiki/Elliptic_Curve_Cryptography Elliptic Curve]
 +
*GSM - [https://de.wikipedia.org/wiki/Galois/Counter_Mode Galios Counter Mode]
  
 
=Quelle=
 
=Quelle=
 
*https://www.ssl.com/de/leiten/tls-Einhaltung-von-Standards/
 
*https://www.ssl.com/de/leiten/tls-Einhaltung-von-Standards/

Aktuelle Version vom 13. Juli 2021, 19:50 Uhr

Juli 2021

Vorschlag von Letsencrypt

DHE-RSA-AES256-SHA256

Symmetrische Verschlüsselung AES128-GCM AES256-GCM CHACHA20-POLY130
Asymmetrische Verschlüsselung RSA ECDSA
Hash Algorythmus SHA256 SHA384
Diffie Hellman DHE ECDHE

SSLEngine on

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:

SSLHonorCipherOrder on

SSLCompression off

SSLSessionTickets off

SSLCompression off

SSLOptions +StrictRequire

Glossar

Quelle

Abgerufen von „http://wiki.ixheim.de/index.php?title=Empfehlungen_für_Apache2&oldid=25955