if you are using secure connections you can check your page at different pages (e.g. https://www.ssllabs.com/ssltest/) to get an grade (A+ till F). By harden your SSL connection of apache you always have to keep in your mind the mobile devices. Most of them are not able to use the best up2date secure options. So the key is to find the best secure solution to get a secure and reachable webpage.
Example SSLLabs test result: https://www.ssllabs.com/ssltest/analyze.html?d=inf-ro.de
I am running Ubuntu 14.04 LTS using I-MSCP 1.2.x. Inside /etc/apache2/mods-available/ssl.conf I changed the following lines to get an "A":
And at the bottom I added:
If you have a better knowledge base on how to secure apache2 ssl - please tell me/us. With this configuration every modern mobile device is able to connect as well as PCs.
Software which is not able to connect using my configuration:
- IE 6 / XP
- Java 6u45
To get an "A+" I think you just need to enable "HSTS": https://raymii.org/s/tutorials…e_NGINX_and_Lighttpd.html