Notice: Function register_sidebar was called incorrectly. No id was set in the arguments array for the "north_sidebar" sidebar. Defaulting to "sidebar-1". Manually set the id to "sidebar-1" to silence this notice and keep existing sidebar content. Please see Debugging in WordPress for more information. (This message was added in version 4.2.0.) in /var/www/vhosts/nvq.nl/wp-includes/functions.php on line 6170

Notice: Function register_sidebar was called incorrectly. No id was set in the arguments array for the "south_sidebar" sidebar. Defaulting to "sidebar-2". Manually set the id to "sidebar-2" to silence this notice and keep existing sidebar content. Please see Debugging in WordPress for more information. (This message was added in version 4.2.0.) in /var/www/vhosts/nvq.nl/wp-includes/functions.php on line 6170

Notice: Function register_sidebar was called incorrectly. No id was set in the arguments array for the "west_sidebar" sidebar. Defaulting to "sidebar-3". Manually set the id to "sidebar-3" to silence this notice and keep existing sidebar content. Please see Debugging in WordPress for more information. (This message was added in version 4.2.0.) in /var/www/vhosts/nvq.nl/wp-includes/functions.php on line 6170

Notice: Function register_sidebar was called incorrectly. No id was set in the arguments array for the "east_sidebar" sidebar. Defaulting to "sidebar-4". Manually set the id to "sidebar-4" to silence this notice and keep existing sidebar content. Please see Debugging in WordPress for more information. (This message was added in version 4.2.0.) in /var/www/vhosts/nvq.nl/wp-includes/functions.php on line 6170
nvq.nl » Apache Configuratie voor Forward Secrecy en HTTP Strict Transport Security

Apache Configuratie voor Forward Secrecy en HTTP Strict Transport Security

June 18th, 2016
Warning: Undefined variable $comments in /var/www/vhosts/nvq.nl/wp-content/themes/inove/page.php on line 10

Forward Secrecy:

Apache:

Edit de volgende file: sudo nano /etc/apache2/mods-available/ssl.conf

Zorg ervoor dat de volgende config in de file staat:

SSLCipherSuite HIGH:!aNULL

SSLCipherSuite “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA 3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS”
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3

OpenSSL:

Voer het volgende commando uit:

sudo openssl ciphers -V ‘EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4’

 

HTTP Strict Transport Security (HSTS):

sudo a2enmod headers

Voeg nu bij elke .conf voor je https sites toe:

Header always set Strict-Transport-Security “max-age=63072000; includeSubDomains”

Voorbeeld:

<VirtualHost *:443>
Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains; preload”
ServerAdmin jouw@email.nl
ServerName domein.nl
ServerAlias www.domein.nl

 

 

That’s it.

 

Check https://www.ssllabs.com/ssltest of alles goed door komt.

Verder kan je nog een ssl certificaat met een hogere rsa-key gebruiken:

–rsa-key-size 4096

Comments are closed.