Empfehlungen für Apache2: Unterschied zwischen den Versionen
| (10 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
=Juli 2021= | =Juli 2021= | ||
| − | = | + | =Vorschlag von Letsencrypt= |
DHE-RSA-AES256-SHA256 | DHE-RSA-AES256-SHA256 | ||
{| class="wikitable" | {| class="wikitable" | ||
|Symmetrische Verschlüsselung | |Symmetrische Verschlüsselung | ||
| − | |AES256 | + | |AES128-GCM |
| + | |AES256-GCM | ||
| + | |CHACHA20-POLY130 | ||
|- | |- | ||
|Asymmetrische Verschlüsselung | |Asymmetrische Verschlüsselung | ||
|RSA | |RSA | ||
| + | |ECDSA | ||
| + | | | ||
|- | |- | ||
|Hash Algorythmus | |Hash Algorythmus | ||
|SHA256 | |SHA256 | ||
| + | |SHA384 | ||
| + | | | ||
|- | |- | ||
| − | |Diffie | + | |Diffie Hellman |
|DHE | |DHE | ||
| + | |ECDHE | ||
| + | | | ||
|} | |} | ||
SSLEngine on | SSLEngine on | ||
| − | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | + | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 |
| − | SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES128-GCM-SHA256: ECDHE-ECDSA-AES256-GCM-SHA384: ECDHE-RSA-AES256-GCM-SHA384: ECDHE- | + | SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA: |
| − | SSLHonorCipherOrder off | + | SSLHonorCipherOrder on |
| + | |||
| + | SSLCompression off | ||
SSLSessionTickets off | SSLSessionTickets off | ||
| Zeile 30: | Zeile 40: | ||
SSLOptions +StrictRequire | SSLOptions +StrictRequire | ||
| + | |||
| + | =Glossar= | ||
| + | *EC - [https://de.wikipedia.org/wiki/Elliptic_Curve_Cryptography Elliptic Curve] | ||
| + | *GSM - [https://de.wikipedia.org/wiki/Galois/Counter_Mode Galios Counter Mode] | ||
=Quelle= | =Quelle= | ||
*https://www.ssl.com/de/leiten/tls-Einhaltung-von-Standards/ | *https://www.ssl.com/de/leiten/tls-Einhaltung-von-Standards/ | ||
Aktuelle Version vom 13. Juli 2021, 19:50 Uhr
Juli 2021
Vorschlag von Letsencrypt
DHE-RSA-AES256-SHA256
| Symmetrische Verschlüsselung | AES128-GCM | AES256-GCM | CHACHA20-POLY130 |
| Asymmetrische Verschlüsselung | RSA | ECDSA | |
| Hash Algorythmus | SHA256 | SHA384 | |
| Diffie Hellman | DHE | ECDHE |
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLCompression off
SSLOptions +StrictRequire
Glossar
- EC - Elliptic Curve
- GSM - Galios Counter Mode