09c20003 |
1 | # File managed by ansible, do not edit |
2 | #https://cipherli.st/ |
3 | |
4 | SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH |
5 | SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 |
6 | SSLHonorCipherOrder On |
7 | Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" |
8 | Header always set X-Frame-Options sameorigin |
9 | Header always set X-Content-Type-Options nosniff |
10 | # Requires Apache >= 2.4 |
11 | SSLCompression off |
12 | |
13 | #SSLUseStapling on |
14 | #SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000) |
15 | #SSLStaplingResponderTimeout 5 |
16 | #SSLStaplingFakeTryLater off |
17 | #SSLStaplingReturnResponderErrors off |
18 | #SSLStaplingForceURL http://serverproxy0p.fsf.org:8001 |
19 | |
20 | # Requires Apache >= 2.4.11 |
21 | SSLSessionTickets Off |
22 | |
23 | # https://weakdh.org/sysadmin.html |
24 | # Requires Apache >= 2.4.8 |
25 | SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem" |