Apache配置SSL证书

基本SSL参数

# 通用性
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off
SSLSessionTickets       off
# 开启 OCSP Stapling(建议)
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

虚拟主机开启SSL

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /path/fullchain.crt
    SSLCertificateKeyFile   /path/private.pem
</VirtualHost>

更多参考

1、Mozilla：https://ssl-config.mozilla.org/
2、阿里云：https://help.aliyun.com/document_detail/98727.html
3、腾讯云：https://cloud.tencent.com/document/product/400/35243，https://cloud.tencent.com/document/product/400/61400