{"id":1010,"date":"2018-09-30T00:30:51","date_gmt":"2018-09-29T15:30:51","guid":{"rendered":"https:\/\/aoboshi.org\/?p=1010"},"modified":"2018-09-30T00:39:08","modified_gmt":"2018-09-29T15:39:08","slug":"ssl%e6%8e%a5%e7%b6%9a%e3%82%92%e3%81%95%e3%82%89%e3%81%absecure%e3%81%b8","status":"publish","type":"post","link":"https:\/\/aoboshi.org\/?p=1010","title":{"rendered":"SSL\u63a5\u7d9a\u3092\u3055\u3089\u306bsecure\u3078"},"content":{"rendered":"

\u5f53\u30d6\u30ed\u30b0\u306f\u5e38\u6642SSL\u5316<\/a>\u3092\u3057\u3066\u304a\u308a\u307e\u3059\u304c\u3001SSL Server Test (Powered by Qualys SSL Labs)<\/a>\u3067\u8a3a\u65ad\u3092\u884c\u3063\u305f\u3068\u3053\u308d\u3001<\/p>\n

\u7d50\u679c\u304c\u4e00\u90e8\u4e0d\u5099\u304c\u3042\u308b\u300cB\u300d\u3092\u5224\u5b9a\u3055\u308c\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002
\n\"\"<\/a><\/p>\n

\u3069\u3046\u3084\u3089\u3001Forward secrecy<\/a>\u3068\u8a00\u3046\u3082\u306e\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u306a\u3044\u306e\u304c\u554f\u984c\u3067\u3057\u305f\u3002<\/p>\n

\u8a2d\u5b9a\u65b9\u6cd5\u3092\u8abf\u3079\u305f\u3068\u3053\u308d\u3001Mozilla\u304c\u8a2d\u5b9a\u30b8\u30a7\u30cd\u30ec\u30fc\u30bf\u3092\u7528\u610f\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u77e5\u308a\u3001
\nGenerate Mozilla Security Recommended Web Server Configuration Files<\/a><\/p>\n

\u65e9\u901f\u3001\u4f7f\u7528\u3057\u3066\u3044\u308b\u30bd\u30d5\u30c8\u3068\u305d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u5165\u529b\u3057\u3001\u8a2d\u5b9a\u3092\u4f5c\u6210\u3001
\n\"\"<\/a><\/p>\n

# intermediate configuration, tweak to your needs
\nSSLProtocol all -SSLv3
\nSSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
\nSSLHonorCipherOrder on
\nSSLCompression off<\/p>\n

# OCSP Stapling, only in httpd 2.3.3 and later
\nSSLUseStapling on
\nSSLStaplingResponderTimeout 5
\nSSLStaplingReturnResponderErrors off
\nSSLStaplingCache shmcb:\/var\/run\/ocsp(128000)<\/p>\n

\u306e\u90e8\u5206\u3092\u30b3\u30d4\u30fc\u3057\u3001<\/p>\n

\u30b5\u30fc\u30d0\u4e0a\u306e\u30b3\u30f3\u30d5\u30a3\u30b0\u306e<\/VirtualHost>\u76f4\u4e0b\u306b\u8cbc\u308a\u4ed8\u3051\u3066\u3001
\napache\u306e\u518d\u8d77\u52d5\u3092\u884c\u3063\u305f\u3068\u3053\u308d\u3001<\/p>\n

\"\"<\/a><\/p>\n

\u7121\u4e8b\u306b\u300cA\u300d\u5224\u5b9a\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u5f53\u30d6\u30ed\u30b0\u306f\u5e38\u6642SSL\u5316\u3092\u3057\u3066\u304a\u308a\u307e\u3059\u304c\u3001SSL Server Test (Powered by Qualys SSL Labs)\u3067\u8a3a\u65ad\u3092\u884c\u3063\u305f\u3068\u3053\u308d\u3001 \u7d50\u679c\u304c\u4e00\u90e8\u4e0d\u5099\u304c\u3042\u308b\u300cB\u300d\u3092\u5224\u5b9a\u3055\u308c\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002 \u3069\u3046\u3084\u3089\u3001Fo […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,4],"tags":[],"class_list":["post-1010","post","type-post","status-publish","format-standard","hentry","category-web","category-linux"],"_links":{"self":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/posts\/1010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1010"}],"version-history":[{"count":0,"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/posts\/1010\/revisions"}],"wp:attachment":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}