Below you will find some example code snippets of apache web server configuration.

Configuring Protocol/Cipher support

The following sections is an example of a good choice of cipher suites. Note that the order of ciphers is important.

<IfModule mod_ssl.c>

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3

</IfModule>

Kudos to the administrators at Tilburg University for compiling this list.

Caveat: we consider this configuration a best-current-practice at the time of writing. Please note that new findings in TLS security or openssl implementation may require different settings!

Certificate Chain

An example of a correct certificate chain:

SSLCertificateChainFile /etc/ssl/certs/chain-tcs.pem 

Note that this example is specific for the TERENA Certificate Service (CA certificates available from http://www.terena.org/activities/tcs/repository/).