Better CryptoThis test is not about the certificate – it’s about the TLS version and the crypto algorithms chosen. The configuration is based on recommendations from bettercrypto.org  – a project dedicated to provide up-to-date copy & paste ready configurations for modern servers.

This server does not support SSL at all. It only supports TLS version 1.0 and later. It has a very strong sense of crypto and do not accept weak crypto algorithms. If your client can not connect, you have an old implementation.

tls-o-matic-success

Next test

Configuration for Apache HTTPD

Here’s the core of the TLS web server configuration for Apache HTTPD. If you want a reference configuration, please visit bettercrypto.org and use their up-to-date recommendations.

 


ServerName test20.tls-o-matic.com:420
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
# Add six earth month HSTS header for all users...
Header always set Strict-Transport-Security "max-age=15768000"
SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384\
:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL\
:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA\
:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

HTTPS | Crypto