Fix Common SSL/TLS Problems in Apache2

Qualys SSL Labs has some great tools to check your server’s SSL/TLS installation to make sure they don’t fall victim to common vulnerabilities or exploits that seem to be discovered every month. If you’re running an Apache2 installation, securing your server against most SSL/TLS vulnerabilities is as easy as enabling the headers Apache module, and then a few lines to your SSL configuration.

First, enable the headers module so Apache2 can modify headers sent to the client:

pengc99@alpha:~$ sudo a2enmod headers
Enabling module headers.
To activate the new configuration, you need to run:
 service apache2 restart

Then add the following lines to your SSL configuration:

# Make the server secure
 SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on

Restart your server:

pengc99@alpha:~$ sudo /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .

That’s it! Now go run the test at and marvel at your server’s newfound security!


Continue Reading