A+ grade SSL Security

Getting an A+ grade on ssllabs.com with InterWorx is pretty easy. Just follow our step-by-step guide below.

nano /etc/httpd/conf.d/vhost_domain-name.conf

Scroll down to: <VirtualHost your-server-ip:443>

Add the following under that tag: Header add Strict-Transport-Security "max-age=63072000;"

Or if you have a wildcard SSL: Header add Strict-Transport-Security "max-age=63072000; includeSubDomains"

Now go to the bottom of the file, where you should see: SSLEngine on

Under that add the following:

SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On

You should see the line below. Comment it out by putting a # in front of it:
SSLCipherSuite RC4:HIGH:MEDIUM:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW

Add the following below it:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA

Or try:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Or use one of the configurations from Mozilla's Server Side TLS guide: https://wiki.mozilla.org/Security/Server_Side_TLS

Save that file and restart Apache: service httpd restart
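
To confirm the edits above are active in the vhost file, the following check is an added example (not part of the original guide or of InterWorx): a shell function that reports whether the HSTS header, SSLProtocol, SSLHonorCipherOrder and SSLCipherSuite settings from this guide are in place. The function names directive and audit_vhost are made up for this example.

```shell
#!/bin/sh
# Added example, not InterWorx code. Usage after sourcing this file:
#   audit_vhost /etc/httpd/conf.d/vhost_domain-name.conf

# Print the arguments of each active (uncommented) use of a directive.
directive() {   # directive FILE NAME
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; print }' "$1"
}

# Print one line per check and return the number of failed checks.
audit_vhost() {
    conf=$1
    fails=0
    # HSTS header with a numeric max-age
    if directive "$conf" Header |
        grep -Eiq 'Strict-Transport-Security +"?max-age=[0-9]+'; then
        echo "ok    HSTS header is set"
    else
        echo "FAIL  Strict-Transport-Security header not found"; fails=$((fails + 1))
    fi
    # SSLv2 and SSLv3 removed, written the way this guide writes it
    proto=$(directive "$conf" SSLProtocol)
    if echo "$proto" | grep -iq -- '-SSLv2' &&
       echo "$proto" | grep -iq -- '-SSLv3'; then
        echo "ok    SSLv2 and SSLv3 are disabled"
    else
        echo "FAIL  SSLProtocol does not remove SSLv2 and SSLv3"; fails=$((fails + 1))
    fi
    # Server-side cipher preference
    if directive "$conf" SSLHonorCipherOrder | grep -iq '^ *on *$'; then
        echo "ok    SSLHonorCipherOrder is On"
    else
        echo "FAIL  SSLHonorCipherOrder is not On"; fails=$((fails + 1))
    fi
    # The active cipher list must not enable RC4. Aliases such as MEDIUM are
    # not expanded here; only tokens that name RC4 are inspected.
    ciphers=$(directive "$conf" SSLCipherSuite | tr -d '" ' | tr ':' '\n')
    if [ -z "$ciphers" ]; then
        echo "FAIL  no active SSLCipherSuite line"; fails=$((fails + 1))
    elif echo "$ciphers" | grep -qx '!RC4' ||
         ! echo "$ciphers" | grep -v '^[!-]' | grep -q 'RC4'; then
        echo "ok    RC4 is not enabled"
    else
        echo "FAIL  SSLCipherSuite enables RC4"; fails=$((fails + 1))
    fi
    return "$fails"
}
```

A return value of 0 means all four checks passed; the ssllabs.com test remains the check of what the server actually negotiates.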

 

EXTRA

nano /home/username/yourdomainname.com/html/.htaccess

Add the following:

<IfModule mod_rewrite.c>
  RewriteEngine On
  # Redirect any plain-HTTP request to the same host and path over HTTPS
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

Save and then run a test at: https://www.ssllabs.com/ssltest/analyze.html?d=yourdomainname.com

