https://wiki.eddyn.net/index.php?action=history&feed=atom&title=Strong_Ciphers_For_Common_Linux_Server_Configurations
Strong Ciphers For Common Linux Server Configurations - Revision history
2026-05-21T01:41:25Z
Revision history for this page on the wiki
MediaWiki 1.40.0
https://wiki.eddyn.net/index.php?title=Strong_Ciphers_For_Common_Linux_Server_Configurations&diff=86&oldid=prev
Eddynetweb: Created page and added resources.
2020-05-26T14:34:27Z
<p>Created page and added resources.</p>
<p><b>New page</b></p><div>These are strong ciphers for common Linux server applications. <br />
<br />
== Examples ==<br />
<br />
<source lang="apache"><br />
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH<br />
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLHonorCipherOrder On<br />
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"<br />
Header always set X-Frame-Options DENY<br />
Header always set X-Content-Type-Options nosniff<br />
# Requires Apache >= 2.4<br />
SSLCompression off<br />
SSLUseStapling on<br />
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"<br />
# Requires Apache >= 2.4.11<br />
SSLSessionTickets Off <br />
</source> <br />
<br />
<source lang="apache"><br />
ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2<br />
ssl_prefer_server_ciphers on; <br />
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096<br />
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;<br />
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0<br />
ssl_session_timeout 10m;<br />
ssl_session_cache shared:SSL:10m;<br />
ssl_session_tickets off; # Requires nginx >= 1.5.9<br />
ssl_stapling on; # Requires nginx >= 1.3.7<br />
ssl_stapling_verify on; # Requires nginx => 1.3.7<br />
resolver $DNS-IP-1 $DNS-IP-2 valid=300s;<br />
resolver_timeout 5s; <br />
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";<br />
add_header X-Frame-Options DENY;<br />
add_header X-Content-Type-Options nosniff;<br />
add_header X-XSS-Protection "1; mode=block";<br />
add_header X-Robots-Tag none; <br />
</source> <br />
<br />
<source lang="apache"><br />
ssl.honor-cipher-order = "enable"<br />
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"<br />
ssl.use-compression = "disable"<br />
setenv.add-response-header = (<br />
"Strict-Transport-Security" => "max-age=63072000; includeSubDomains; preload",<br />
"X-Frame-Options" => "DENY",<br />
"X-Content-Type-Options" => "nosniff"<br />
)<br />
ssl.use-sslv2 = "disable"<br />
ssl.use-sslv3 = "disable" <br />
</source></div>
Eddynetweb