[eostre.git] / drupal-configs / apache2 / conf-enabled / ssl.conf

# File managed by ansible, do not edit
#https://cipherli.st/

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options sameorigin
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off 

#SSLUseStapling on 
#SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)
#SSLStaplingResponderTimeout 5
#SSLStaplingFakeTryLater off
#SSLStaplingReturnResponderErrors off
#SSLStaplingForceURL http://serverproxy0p.fsf.org:8001

# Requires Apache >= 2.4.11
SSLSessionTickets Off

# https://weakdh.org/sysadmin.html
# Requires Apache >= 2.4.8
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"
Commit	Line	Data
09c20003	1	# File managed by ansible, do not edit
	2	#https://cipherli.st/
	3
	4	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
	5	SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	6	SSLHonorCipherOrder On
	7	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	8	Header always set X-Frame-Options sameorigin
	9	Header always set X-Content-Type-Options nosniff
	10	# Requires Apache >= 2.4
	11	SSLCompression off
	12
	13	#SSLUseStapling on
	14	#SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)
	15	#SSLStaplingResponderTimeout 5
	16	#SSLStaplingFakeTryLater off
	17	#SSLStaplingReturnResponderErrors off
	18	#SSLStaplingForceURL http://serverproxy0p.fsf.org:8001
	19
	20	# Requires Apache >= 2.4.11
	21	SSLSessionTickets Off
	22
	23	# https://weakdh.org/sysadmin.html
	24	# Requires Apache >= 2.4.8
	25	SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"