diff --git a/CHANGELOG.md b/CHANGELOG.md index ecb2ad1..f143bae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a ## [Unreleased] -- Add config option for HTTP/2 per domain. +## [1.2.0] - 2021-01-24 + +- Added option to enable HTTP/2 functionality per development domain. ## [1.1.1] - 2020-08-25 diff --git a/README.md b/README.md index a21716e..0565b4f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![GitHub License](https://img.shields.io/github/license/custom-dev-tools/WampServer-SSL-Auto-Config.svg?color=informational&logo=github)](https://github.com/custom-dev-tools/WampServer-SSL-Auto-Config/blob/master/LICENSE) [![GitHub last commit](https://img.shields.io/github/last-commit/custom-dev-tools/WampServer-SSL-Auto-Config.svg?logo=github)](https://github.com/custom-dev-tools/WampServer-SSL-Auto-Config/commits/master) [![GitHub open issues](https://img.shields.io/github/issues-raw/custom-dev-tools/WampServer-SSL-Auto-Config.svg?color=brightgreen&logo=github)](https://github.com/custom-dev-tools/WampServer-SSL-Auto-Config/issues?q=is%3Aopen+is%3Aissue) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/custom-dev-tools/WampServer-SSL-Auto-Config.svg?color=brightgreen&logo=github)](https://github.com/custom-dev-tools/WampServer-SSL-Auto-Config/issues?q=is%3Aissue+is%3Aclosed) -WampServer SSL Auto Config is a Microsoft Windows batch script designed to automatically generate and configure a fully working Apache SSL / Name Based virtual host development environment. +WampServer SSL Auto Config is a Microsoft Windows batch script designed to automatically generate and configure a fully working Apache SSL / Name Based virtual host development environment with optional HTTP/2 functionality. ## Table of Contents 
@@ -64,7 +64,7 @@ For browsers that do not use the Windows Trusted Root Certificate Store (such as No installation is required. -At just under 50kB the SSL Auto Config script is small enough to be saved anywhere in your file system. +At 51kB the SSL Auto Config script is small enough to be saved anywhere in your file system. ## Configuration @@ -113,10 +113,12 @@ sslDays=3650 [Website 1] hostname=www.dev.website-1.com.au documentRoot=C:/wamp64 - domains/website-1/public_html +http2=true [Website 2] hostname=www.dev.website-2.com.au documentRoot=C:/wamp64 - domains/website-2/public_html +http2=true ``` #### WampServer Configuration @@ -135,7 +137,7 @@ documentRoot=C:/wamp64 - domains/website-2/public_html * `sslState` : This value represents the full name of a state. -* `sslCountry` : This value represents the two letter ISO code of a country. +* `sslCountry` : This value represents the two-letter ISO code of a country. * `sslOrganisation` : This value represents an organisation name. 
@@ -145,16 +147,20 @@ documentRoot=C:/wamp64 - domains/website-2/public_html > **Note:** Use the 'local' part of an email address followed by the @ (at) symbol only. Do not include the 'domain' part of the email address as the hostname will be auto-appended. -* `sslDays` : This value represents the number of days you would like the certificates to remain valid for. Enter a high value so your SSL certificate does not expire to regularly and become an inconvenience. +* `sslDays` : This value represents the number of days you would like the certificates to remain valid for. Enter a high value, so your SSL certificate does not expire to regularly and become an inconvenience. #### Development Domains -* `[Website 1]` : This section name represent the human readable host name which is used within your various configuration files. Whilst it is not used by WampServer itself, it will definitely make identification within the generated configuration files easier. +* `[Website 1]` : This section name represent the human-readable host name which is used within your various configuration files. Whilst it is not used by WampServer itself, it will definitely make identification within the generated configuration files easier. * `hostname` : This value represents the URL friendly address used to access your site in your web browser. * `documentRoot` : This value represents the (absolute) path to the public facing directory (commonly called the document root) of your website. This path does not need to be in the same directory or even on the same drive as WampServer. That said, it is not recommended to point this to a network drive. +* `http2` : This boolean value (`true` or `false`) represents the respective enabling or disabling of HTTP/2 functionality. + + > **Note:** You may need to clear (or disable) your browser cache when toggling between HTTP/1.1 and HTTP/2. + > **IMPORTANT:** Do not add quotation marks around your values, even if they contain spaces. 
Blank lines and commented lines starting with a semicolon ( ; ) character are ignored. You may format and comment your configuration file any way you like. @@ -289,8 +295,9 @@ If Apache fails to restart following the `restore` command then you will need to 1. In each and every version of Apache you have installed: 1. Delete the file `C:\wamp64\bin\apache\apacheX.X.XX\conf\httpd.conf`. 2. Rename the file `C:\wamp64\bin\apache\apacheX.X.XX\conf\httpd-backup.conf` to `httpd.conf`. -2. Delete the file `%systemroot%\System32\drivers\etc\hosts`. -3. Rename the file `%systemroot%\System32\drivers\etc\hosts-backup` to `host`. +2. In the directory containing your system 'hosts' file: + 1. Delete the file `%systemroot%\System32\drivers\etc\hosts`. + 2. Rename the file `%systemroot%\System32\drivers\etc\hosts-backup` to `host`. > **Note:** You will need Administrator rights to perform the above 'hosts' file action. 
@@ -318,4 +325,4 @@ If you know of any other browser(s) that would benefit by being added to this li If you are unable to update or restore your systems 'hosts' file then: 1. You are not logged in as an Administrator. To change this either login as an Administrator or right click the script and select 'Run as administrator'. -2. Your anti-virus software is stopping the modification of your systems files, including your systems 'hosts' file. This is usually a standard function of anti-virus software and the most probable cause of this issue. To change this turn off / disable your anti-virus software, run the script and then turn on / enable your anti-virus software. Most anti-virus software has an easily accessible option to disable protection for a short period of time. EG: 1-minute, 3-minutes, etc. You should only need to disable it for 1-minute for the script to execute correctly. \ No newline at end of file +2. Your anti-virus software is stopping the modification of your systems files, including your systems 'hosts' file. This is usually a standard function of anti-virus software, and the most probable cause of this issue. To change this turn off / disable your anti-virus software, run the script and then turn on / enable your anti-virus software. Most anti-virus software has an easily accessible option to disable protection for a short period of time. EG: 1-minute, 3-minutes, etc. You should only need to disable it for 1-minute for the script to execute correctly. \ No newline at end of file diff --git a/cipher-suite-black-list.txt b/cipher-suite-black-list.txt new file mode 100644 index 0000000..c03ae84 --- /dev/null +++ b/cipher-suite-black-list.txt 
@@ -0,0 +1,279 @@ +Ref 1: https://en.wikipedia.org/wiki/HTTP/2 +Ref 2: https://http2.github.io/http2-spec/#BadCipherSuites + +TLS_NULL_WITH_NULL_NULL +TLS_RSA_WITH_NULL_MD5 +TLS_RSA_WITH_NULL_SHA +TLS_RSA_EXPORT_WITH_RC4_40_MD5 +TLS_RSA_WITH_RC4_128_MD5 +TLS_RSA_WITH_RC4_128_SHA +TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 +TLS_RSA_WITH_IDEA_CBC_SHA +TLS_RSA_EXPORT_WITH_DES40_CBC_SHA +TLS_RSA_WITH_DES_CBC_SHA +TLS_RSA_WITH_3DES_EDE_CBC_SHA +TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA +TLS_DH_DSS_WITH_DES_CBC_SHA +TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA +TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA +TLS_DH_RSA_WITH_DES_CBC_SHA +TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA +TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA +TLS_DHE_DSS_WITH_DES_CBC_SHA +TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA +TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA +TLS_DHE_RSA_WITH_DES_CBC_SHA +TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA +TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 +TLS_DH_anon_WITH_RC4_128_MD5 +TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA +TLS_DH_anon_WITH_DES_CBC_SHA +TLS_DH_anon_WITH_3DES_EDE_CBC_SHA +TLS_KRB5_WITH_DES_CBC_SHA +TLS_KRB5_WITH_3DES_EDE_CBC_SHA +TLS_KRB5_WITH_RC4_128_SHA +TLS_KRB5_WITH_IDEA_CBC_SHA +TLS_KRB5_WITH_DES_CBC_MD5 +TLS_KRB5_WITH_3DES_EDE_CBC_MD5 +TLS_KRB5_WITH_RC4_128_MD5 +TLS_KRB5_WITH_IDEA_CBC_MD5 +TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA +TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA +TLS_KRB5_EXPORT_WITH_RC4_40_SHA +TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 +TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 +TLS_KRB5_EXPORT_WITH_RC4_40_MD5 +TLS_PSK_WITH_NULL_SHA +TLS_DHE_PSK_WITH_NULL_SHA +TLS_RSA_PSK_WITH_NULL_SHA +TLS_RSA_WITH_AES_128_CBC_SHA +TLS_DH_DSS_WITH_AES_128_CBC_SHA +TLS_DH_RSA_WITH_AES_128_CBC_SHA +TLS_DHE_DSS_WITH_AES_128_CBC_SHA +TLS_DHE_RSA_WITH_AES_128_CBC_SHA +TLS_DH_anon_WITH_AES_128_CBC_SHA +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_DH_DSS_WITH_AES_256_CBC_SHA +TLS_DH_RSA_WITH_AES_256_CBC_SHA +TLS_DHE_DSS_WITH_AES_256_CBC_SHA +TLS_DHE_RSA_WITH_AES_256_CBC_SHA +TLS_DH_anon_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_NULL_SHA256 +TLS_RSA_WITH_AES_128_CBC_SHA256 
+TLS_RSA_WITH_AES_256_CBC_SHA256 +TLS_DH_DSS_WITH_AES_128_CBC_SHA256 +TLS_DH_RSA_WITH_AES_128_CBC_SHA256 +TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 +TLS_RSA_WITH_CAMELLIA_128_CBC_SHA +TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA +TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA +TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA +TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA +TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +TLS_DH_DSS_WITH_AES_256_CBC_SHA256 +TLS_DH_RSA_WITH_AES_256_CBC_SHA256 +TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 +TLS_DH_anon_WITH_AES_128_CBC_SHA256 +TLS_DH_anon_WITH_AES_256_CBC_SHA256 +TLS_RSA_WITH_CAMELLIA_256_CBC_SHA +TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA +TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA +TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA +TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA +TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA +TLS_PSK_WITH_RC4_128_SHA +TLS_PSK_WITH_3DES_EDE_CBC_SHA +TLS_PSK_WITH_AES_128_CBC_SHA +TLS_PSK_WITH_AES_256_CBC_SHA +TLS_DHE_PSK_WITH_RC4_128_SHA +TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA +TLS_DHE_PSK_WITH_AES_128_CBC_SHA +TLS_DHE_PSK_WITH_AES_256_CBC_SHA +TLS_RSA_PSK_WITH_RC4_128_SHA +TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA +TLS_RSA_PSK_WITH_AES_128_CBC_SHA +TLS_RSA_PSK_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_SEED_CBC_SHA +TLS_DH_DSS_WITH_SEED_CBC_SHA +TLS_DH_RSA_WITH_SEED_CBC_SHA +TLS_DHE_DSS_WITH_SEED_CBC_SHA +TLS_DHE_RSA_WITH_SEED_CBC_SHA +TLS_DH_anon_WITH_SEED_CBC_SHA +TLS_RSA_WITH_AES_128_GCM_SHA256 +TLS_RSA_WITH_AES_256_GCM_SHA384 +TLS_DH_RSA_WITH_AES_128_GCM_SHA256 +TLS_DH_RSA_WITH_AES_256_GCM_SHA384 +TLS_DH_DSS_WITH_AES_128_GCM_SHA256 +TLS_DH_DSS_WITH_AES_256_GCM_SHA384 +TLS_DH_anon_WITH_AES_128_GCM_SHA256 +TLS_DH_anon_WITH_AES_256_GCM_SHA384 +TLS_PSK_WITH_AES_128_GCM_SHA256 +TLS_PSK_WITH_AES_256_GCM_SHA384 +TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 +TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 +TLS_PSK_WITH_AES_128_CBC_SHA256 +TLS_PSK_WITH_AES_256_CBC_SHA384 +TLS_PSK_WITH_NULL_SHA256 +TLS_PSK_WITH_NULL_SHA384 +TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 
+TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 +TLS_DHE_PSK_WITH_NULL_SHA256 +TLS_DHE_PSK_WITH_NULL_SHA384 +TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 +TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 +TLS_RSA_PSK_WITH_NULL_SHA256 +TLS_RSA_PSK_WITH_NULL_SHA384 +TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 +TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 +TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 +TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 +TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 +TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 +TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 +TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 +TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 +TLS_EMPTY_RENEGOTIATION_INFO_SCSV +TLS_ECDH_ECDSA_WITH_NULL_SHA +TLS_ECDH_ECDSA_WITH_RC4_128_SHA +TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_ECDSA_WITH_NULL_SHA +TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +TLS_ECDH_RSA_WITH_NULL_SHA +TLS_ECDH_RSA_WITH_RC4_128_SHA +TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_NULL_SHA +TLS_ECDHE_RSA_WITH_RC4_128_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDH_anon_WITH_NULL_SHA +TLS_ECDH_anon_WITH_RC4_128_SHA +TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA +TLS_ECDH_anon_WITH_AES_128_CBC_SHA +TLS_ECDH_anon_WITH_AES_256_CBC_SHA +TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA +TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA +TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA +TLS_SRP_SHA_WITH_AES_128_CBC_SHA +TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA +TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA +TLS_SRP_SHA_WITH_AES_256_CBC_SHA +TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA +TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 +TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 +TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 +TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 +TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 +TLS_ECDHE_PSK_WITH_RC4_128_SHA +TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA +TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA +TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA +TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 +TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 +TLS_ECDHE_PSK_WITH_NULL_SHA +TLS_ECDHE_PSK_WITH_NULL_SHA256 +TLS_ECDHE_PSK_WITH_NULL_SHA384 +TLS_RSA_WITH_ARIA_128_CBC_SHA256 +TLS_RSA_WITH_ARIA_256_CBC_SHA384 +TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 +TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 +TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 +TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 +TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 +TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 +TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 +TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 +TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 +TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 +TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 +TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 +TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 +TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 +TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 +TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 +TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 +TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 +TLS_RSA_WITH_ARIA_128_GCM_SHA256 +TLS_RSA_WITH_ARIA_256_GCM_SHA384 +TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 +TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 +TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 +TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 +TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 +TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 +TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 +TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 +TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 +TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 +TLS_PSK_WITH_ARIA_128_CBC_SHA256 
+TLS_PSK_WITH_ARIA_256_CBC_SHA384 +TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 +TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 +TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 +TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 +TLS_PSK_WITH_ARIA_128_GCM_SHA256 +TLS_PSK_WITH_ARIA_256_GCM_SHA384 +TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 +TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 +TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 +TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 +TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 +TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 +TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 +TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 +TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 +TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 +TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 +TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 +TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 +TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 +TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 +TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 +TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 +TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 +TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 +TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 +TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 +TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 +TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 +TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 +TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 +TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +TLS_RSA_WITH_AES_128_CCM +TLS_RSA_WITH_AES_256_CCM +TLS_RSA_WITH_AES_128_CCM_8 +TLS_RSA_WITH_AES_256_CCM_8 +TLS_PSK_WITH_AES_128_CCM +TLS_PSK_WITH_AES_256_CCM +TLS_PSK_WITH_AES_128_CCM_8 +TLS_PSK_WITH_AES_256_CCM_8 \ No newline at end of 
file diff --git a/sample-config.ini b/sample-config.ini index b6cce15..2688b8f 100644 --- a/sample-config.ini +++ b/sample-config.ini @@ -38,7 +38,9 @@ sslDays=3650 [Website 1] hostname=www.dev.website-1.com.au documentRoot=C:/wamp64 - domains/website-1/public_html +http2=true [Website 2] hostname=www.dev.website-2.com.au -documentRoot=C:/wamp64 - domains/website-2/public_html \ No newline at end of file +documentRoot=C:/wamp64 - domains/website-2/public_html +http2=true \ No newline at end of file diff --git a/ssl_config.bat b/ssl_config.bat index 855f06c..bde25e2 100644 --- a/ssl_config.bat +++ b/ssl_config.bat @@ -7,7 +7,7 @@ rem INITIALISATION rem ----------------------- rem Set default variables rem ----------------------- -set $scriptVersion=1.1.1 +set $scriptVersion=1.2.0 set $scriptLogFileName=ssl_config.log rem WampServer sub-paths. @@ -580,6 +580,7 @@ for /l %%a in (1,1,%$totalConfigDomains%) do ( set $config[name]=!$config[%%a][name]! set $config[hostname]=!$config[%%a][hostname]! set $config[documentRoot]=!$config[%%a][documentRoot]! + set $config[http2]=!$config[%%a][http2]! rem Show domain name. call :logToBoth "---------------------------------------------" 
@@ -637,11 +638,19 @@ for /l %%a in (1,1,%$totalConfigDomains%) do ( rem (Re)Create HTTPS vhost file rem ----------------------------- if not exist "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" ( - (call :apache24HttpsVhostConfigFile) >> "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" + if /i "!$config[http2]!" equ "false" ( + (call :apache24Https11VhostConfigFile) >> "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" + ) else ( + (call :apache24Https2VhostConfigFile) >> "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" + ) call :logToBoth " Created Virtual Host https file." ) else ( call :deleteFileIfExists "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" - (call :apache24HttpsVhostConfigFile) >> "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" + if /i "!$config[http2]!" equ "false" ( + (call :apache24Https11VhostConfigFile) >> "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" + ) else ( + (call :apache24Https2VhostConfigFile) >> "!$config[wampServerExtensionsPath]!\vhosts\https\!$config[hostname]!.conf" + ) call :logToBoth " Re-created Virtual Host https file." ) @@ -738,7 +747,7 @@ for /l %%a in (1,1,%$totalApacheVersionsInstalled%) do ( rem -------------------------------------------- - rem Uncomment 'socache_shmcb_modules' module + rem Uncomment 'socache_shmcb_module' module rem rem Low level shared memory based object cache rem for caching information such as SSL 
@@ -757,13 +766,14 @@ for /l %%a in (1,1,%$totalApacheVersionsInstalled%) do ( ) - rem ----------------------------------------- - rem Uncomment 'ssl_module_modules' module + rem ------------------------------- + rem Uncomment 'ssl_module' module rem - rem This module used the socache interface - rem to provide a session cache and stapling + rem This module used the socache + rem interface to provide a + rem session cache and stapling rem cache. - rem ----------------------------------------- + rem ------------------------------- rem Check if the module is commented out / disabled. call :findInFile "]#LoadModule ssl_module modules/mod_ssl.so" "!$installedApacheVersionPathsArray[%%a]!\conf\httpd.conf" @@ -777,6 +787,34 @@ for /l %%a in (1,1,%$totalApacheVersionsInstalled%) do ( ) + rem ----------------------------------------- + rem Uncomment 'http2_module' module + rem + rem This module enables HTTP/2 support. + rem + rem HTTP/2 functionality set per development + rem domain. + rem + rem OpenSSL version must be greater than or + rem equal to 1.0.2 for HTTP/2 compatibility. + rem + rem OpenSSL cipher suite must be greater + rem than or equal to TLS 1.3 for HTTP/2 + rem compatibility. + rem ----------------------------------------- + + rem Check if the module is commented out / disabled. + call :findInFile "]#LoadModule http2_module modules/mod_http2.so" "!$installedApacheVersionPathsArray[%%a]!\conf\httpd.conf" + if /i "!$result!" equ "true" ( + rem Uncomment / enable the module. + call :findAndReplaceInFile "]#LoadModule http2_module modules/mod_http2.so" "]LoadModule http2_module modules/mod_http2.so" "!$installedApacheVersionPathsArray[%%a]!\conf\httpd.conf" + call :logToBoth " 'http2_module' uncommented." + ) else ( + rem Module already uncommented / enabled. + call :logToBoth " 'http2_module' already uncommented." + ) + + rem ---------------------------------------- rem Add vhosts HTTPS 'httpd-ssl.conf' link rem ---------------------------------------- 
@@ -1271,10 +1309,51 @@ echo ^ exit /B -rem ----------------------------------------------------------- -rem The vhosts 'httpd-ssl.conf' configuration (template) file -rem ----------------------------------------------------------- -:apache24HttpsVhostConfigFile +rem --------------------------------------------------------------------------- +rem The vhosts 'httpd-ssl.conf' configuration (template) file (with HTTP/1.1) +rem --------------------------------------------------------------------------- +:apache24Https11VhostConfigFile + +echo # Virtual Host - https://!$config[hostname]! +echo # +echo ^ +echo: +echo ServerName !$config[hostname]! +echo ServerAlias !$config[hostname]! +echo ServerAdmin admin@%!$config[hostname]! +echo DocumentRoot "!$config[documentRoot]!" +echo: +echo ^ +echo SSLOptions +StdEnvVars +echo Options +Indexes +Includes +FollowSymLinks +MultiViews +echo AllowOverride All +echo Require local +echo Require ip !$ipNetworkPart! +echo ^ +echo: +echo SSLEngine on +echo: +echo SSLCertificateFile "!$config[wampServerExtensionsPath]!/certs/!$config[hostname]!/server.crt" +echo SSLCertificateKeyFile "!$config[wampServerExtensionsPath]!/certs/!$config[hostname]!/private.key" +echo: +echo LogFormat "%%L [%%{%%a, %%d-%%b-%%g %%T}t %%{%%z}t] %%H %%m \"%%U%%q\" (%%b bytes) %%>s" access +echo CustomLog "!$config[wampServerExtensionsPath]!/logs/!$config[hostname]!/access.log" access +echo: +echo ErrorLogFormat "%%L [%%t] [%%-m:%%l] [pid %%P:tid %%T] %%E: %%a %%M" +echo ErrorLog "!$config[wampServerExtensionsPath]!/logs/!$config[hostname]!/error.log" +echo: +echo LogFormat "%%L [%%{%%a, %%d-%%b-%%g %%T}t %%{%%z}t] %%H %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x %%m \"%%U%%q\" (%%b bytes) %%>s" ssl +echo CustomLog "!$config[wampServerExtensionsPath]!/logs/!$config[hostname]!/ssl_request.log" ssl +echo: +echo ^ + +exit /B + + +rem ------------------------------------------------------------------------- +rem The vhosts 'httpd-ssl.conf' configuration (template) file (with 
HTTP/2) +rem ------------------------------------------------------------------------- +:apache24Https2VhostConfigFile echo # Virtual Host - https://!$config[hostname]! echo # @@ -1307,6 +1386,9 @@ echo: echo LogFormat "%%L [%%{%%a, %%d-%%b-%%g %%T}t %%{%%z}t] %%H %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x %%m \"%%U%%q\" (%%b bytes) %%>s" ssl echo CustomLog "!$config[wampServerExtensionsPath]!/logs/!$config[hostname]!/ssl_request.log" ssl echo: +echo SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +echo Protocols h2 http/1.1 +echo: echo ^ exit /B diff --git a/testing/configs/config-key-value-pair-corrupt.ini b/testing/configs/config-key-value-pair-corrupt.ini index 32e6de0..2a305ce 100644 --- a/testing/configs/config-key-value-pair-corrupt.ini +++ b/testing/configs/config-key-value-pair-corrupt.ini @@ -38,7 +38,9 @@ sslDays=3650 [Website 1] hostname documentRoot=C:/wamp64 - domains/website-1/public_html +http2=true [Website 2] hostname=www.dev.website-2.com.au -documentRoot=C:/wamp64 - domains/website-2/public_html \ No newline at end of file +documentRoot=C:/wamp64 - domains/website-2/public_html +http2=true \ No newline at end of file diff --git a/testing/configs/config-section-corrupt.ini b/testing/configs/config-section-corrupt.ini index b5b05be..9b9c2bd 100644 --- a/testing/configs/config-section-corrupt.ini +++ b/testing/configs/config-section-corrupt.ini @@ -38,7 +38,9 @@ sslDays=3650 [Website 1] ___this should not be here___ hostname=www.dev.website-1.com.au documentRoot=C:/wamp64 - domains/website-1/public_html +http2=true [Website 2] hostname=www.dev.website-2.com.au -documentRoot=C:/wamp64 - domains/website-2/public_html \ No newline at end of file +documentRoot=C:/wamp64 - domains/website-2/public_html +http2=true \ No newline at end of file diff --git a/testing/configs/config-wampserver-install-path-corrupt.ini b/testing/configs/config-wampserver-install-path-corrupt.ini index a4c5ebd..bf014a3 100644 --- a/testing/configs/config-wampserver-install-path-corrupt.ini 
+++ b/testing/configs/config-wampserver-install-path-corrupt.ini @@ -38,7 +38,9 @@ sslDays=3650 [Website 1] hostname=www.dev.website-1.com.au documentRoot=C:/wamp64 - domains/website-1/public_html +http2=true [Website 2] hostname=www.dev.website-2.com.au -documentRoot=C:/wamp64 - domains/website-2/public_html \ No newline at end of file +documentRoot=C:/wamp64 - domains/website-2/public_html +http2=true \ No newline at end of file
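Review bot: the `## [1.2.0] - 2021-01-24` entry in the CHANGELOG hunk (`@@ -6,7 +6,9 @@`) under-reports what this release changes. Besides the per-domain `http2` option, the new HTTP/2 vhost template adds `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, so every domain with HTTP/2 enabled stops accepting TLS 1.0/1.1 clients, and `http2_module` is now uncommented in every installed Apache's `httpd.conf`. Both are user-visible and belong in the entry, for example `- HTTP/2 virtual hosts now require TLS 1.2 or later.`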
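Review bot: the `At 51kB` sentence in the README hunk `@@ -64,7 +64,7 @@` hard-codes a file size that goes stale with every release; this very diff is the first instance (`just under 50kB` becoming `51kB`). Drop the number and keep `the SSL Auto Config script is small enough to be saved anywhere in your file system`.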
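Review bot: in the README hunk `@@ -145,16 +147,20 @@` the new `http2` bullet describes the value as a boolean, but the script (`ssl_config.bat`, hunk `@@ -637,11 +638,19 @@`) only tests `equ "false"`, so an omitted key or a misspelled value selects the HTTP/2 template. Either document that default explicitly (`If omitted, HTTP/2 is enabled.`) or make the script and the README agree on strict `true`/`false`. Two typos survive on lines this hunk rewrites: `expire to regularly` should be `expire too regularly`, and `This section name represent` should be `represents`.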
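Review bot: the rebuilt restore step in README hunk `@@ -289,8 +295,9 @@` still tells the user to rename `hosts-backup` to `host`; the target must be `hosts`, otherwise following the instructions literally leaves the system without a hosts file at all. Since the line is being rewritten in this change anyway, fix the name here.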
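Review bot: `cipher-suite-black-list.txt` (hunk `@@ -0,0 +1,279 @@`) is not referenced by `ssl_config.bat`, the README or `sample-config.ini` anywhere in this diff, and neither vhost template emits an `SSLCipherSuite` directive, so the list has no effect on what the generated hosts negotiate. Either say in the file header that it is informational (it is the RFC 7540 Appendix A list that the `Ref 2` link points to, which `mod_http2` already enforces by default through `H2ModernTLSOnly`) or derive an `SSLCipherSuite` line from it; also add the missing trailing newline.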
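Review bot: in `ssl_config.bat` hunk `@@ -637,11 +638,19 @@` the dispatch `if /i "!$config[http2]!" equ "false"` treats every value other than `false`, including the empty value from a config written for 1.1.1 that has no `http2` key, as HTTP/2 enabled; silently upgrading existing users' domains (and, with the new template, dropping TLS 1.0/1.1) on a missing key is surprising. Test for `true` and `false` explicitly and log an error for anything else. The four-line `if/else` is also pasted verbatim into both the create and re-create branches; resolve the label once before the `if not exist` (for example `set $vhostTemplate=apache24Https2VhostConfigFile`) and use `(call :!$vhostTemplate!)` in both places.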
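Review bot: the reflowed comment in hunk `@@ -757,13 +766,14 @@` keeps the grammar slip `This module used the socache interface`; since the lines are being rewritten, make it `uses`.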
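Review bot: the comment block in hunk `@@ -777,6 +787,34 @@` states `OpenSSL cipher suite must be greater than or equal to TLS 1.3`, which confuses cipher suites with protocol versions and contradicts the template this same patch adds (`SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` permits TLS 1.2). HTTP/2 over TLS requires TLS 1.2 or later with a cipher suite outside the RFC 7540 Appendix A black list; word it that way. Separately, the `else` branch logs `'http2_module' already uncommented.` whenever the commented line is not found, which is also what happens when the Apache build has no `LoadModule http2_module` line at all; search for the uncommented line before reporting success so a user on an Apache without `mod_http2` gets a warning instead of a vhost that never serves h2.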
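Review bot: hunk `@@ -1271,10 +1309,51 @@` duplicates the entire vhost body into `:apache24Https11VhostConfigFile` and `:apache24Https2VhostConfigFile`, the two differing only in the HTTP/2 lines, so every future fix to the log formats or the `Directory` block now has to be made twice. Keep one template and emit the extra lines conditionally, e.g. `if /i "!$config[http2]!" neq "false" echo Protocols h2 http/1.1`. Also, `echo ServerAdmin admin@%!$config[hostname]!` carries a lone `%` before the delayed-expansion variable; cmd drops an unmatched `%` in a batch file, so the output is probably still `admin@<hostname>`, but please confirm and remove the `%` if it is a typo.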
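Review bot: in hunk `@@ -1307,6 +1386,9 @@` `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` is added only to the HTTP/2 template, so domains with `http2=false` keep whatever protocol set the global `httpd-ssl.conf` allows. Disabling SSLv3 and TLS 1.0/1.1 is independent of HTTP/2 and is the right default for these development hosts too; put the `SSLProtocol` line in both templates (or once at the global level) and let only `Protocols h2 http/1.1` differ between them.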
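Review bot: the fixtures in the `testing/configs/*.ini` hunks (for example `config-key-value-pair-corrupt.ini`, `@@ -38,7 +38,9 @@`) all set `http2=true`, so none of them exercises the new branch in `ssl_config.bat`: there is no section with `http2=false`, none with the key omitted, and none with an invalid value such as `http2=yes`. Add at least one of each so the corrupt-config tests cover the value the dispatch logic actually branches on.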