[ssllabs.com] How to get “A+” on SSL Server test as of "Feb 2021"
Posted: 23 Feb 2021, 5:02am - Tuesday

It's been a while since I last checked my server's SSL configuration against the latest recommendations. When I did, I got a B. So today, I made SSL on my server great again! lol

So how I did it...

        a2enmod headers

Make sure you enable the headers module; the "Strict-Transport-Security" header set below depends on it.

Next, edit your ssl.conf. My server now runs Ubuntu 20.04 LTS; I'm not using CentOS 7.x anymore, since I've been getting used to Ubuntu through work. On Ubuntu, the config file is located at: /etc/apache2/mods-available/ssl.conf

        #SSLCipherSuite HIGH:!aNULL
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS"

        #SSLProtocol all -SSLv3
        SSLProtocol TLSv1.2
        SSLCompression off
        SSLHonorCipherOrder on

        SSLUseStapling          on
        SSLStaplingResponderTimeout 5
        SSLStaplingReturnResponderErrors off
        SSLStaplingCache        shmcb:/var/run/ocsp(128000)

        # Header always set Strict-Transport-Security
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"

So that's it, you'll get A+ for that coz I did! :) Cheers!
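To double-check the file before re-running the SSL Labs test, here is an added example (not part of the original post) that reads an ssl.conf, skips commented-out lines, and compares the active directives with the values shown above. The names `active_directives`, `audit` and `SAMPLE_WEAK` are made up for this sketch, and using the post's own max-age as the minimum is an assumption.

```python
import re
import shlex

EXPECTED = {"sslprotocol": "TLSv1.2", "sslcompression": "off",
            "sslhonorcipherorder": "on", "sslusestapling": "on"}
MIN_HSTS_MAX_AGE = 15552000  # assumption: the post's max-age used as the floor

# Constructed sample: stock protocol line active, HSTS line left commented out.
SAMPLE_WEAK = """
SSLProtocol all -SSLv3
SSLCompression off
SSLHonorCipherOrder on
SSLUseStapling on
# Header always set Strict-Transport-Security "max-age=15552000"
"""


def active_directives(conf_text):
    """Map lowercased directive name -> arguments; the last occurrence wins."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # blank line, comment, or a <Section> tag
        parts = shlex.split(line)
        name = parts[0].lower()
        if name == "header" and "strict-transport-security" in line.lower():
            found["hsts"] = parts
        elif name != "header":
            found[name] = parts[1:]
    return found


def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    conf = active_directives(conf_text)
    findings = []
    for name, want in EXPECTED.items():
        got = " ".join(conf.get(name, [])) or "<not set>"
        if got.lower() != want.lower():
            findings.append(f"{name}: expected {want}, found {got}")
    hsts = conf.get("hsts")
    m = re.search(r"max-age=(\d+)", hsts[-1], re.I) if hsts else None
    if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("hsts: header missing or max-age below the post's value")
    return findings


print("\n".join(audit(SAMPLE_WEAK)))
```

For a real check, pass the contents of /etc/apache2/mods-available/ssl.conf to `audit()`; an empty list means the active lines match the settings in this post.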

Implemented on my personal projects: