How to Enable Perfect Forward Secrecy in Apache 2.2 on Debian Linux

By | 2013/06/26

Perfect Forward Secrecy requires Apache 2.2 on Debian Wheezy, or Apache 2.4+ for other distros.


Below is a good configuration to use which I have tested and used on Debian Wheezy:

SSLProtocol TLSv1 TLSv1.1 TLSv1.2 -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite AES256+EECDH:AES256+EDH	

This can then be tested on https://www.ssllabs.com/ssltest

apache_pfs


A good reference is: Category: linux sysadmin Tags: , , , , , , , , ,