436d9fbf |
# TLS hardening snippet for Apache httpd (mod_ssl + mod_headers).
# The Header directives below need mod_headers to be loaded.

# Protocol versions.
# Disable SSLv2, SSLv3 (POODLE) and TLS < 1.2 (PCI compliance).
# BEAST is a TLS 1.0 CBC weakness rather than an SSLv2 one; it is covered
# here because TLSv1 is switched off as well.
# "ALL" minus the listed versions leaves TLS 1.2 plus any newer version the
# local httpd/OpenSSL build supports.
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

# PFS (forward secrecy)
# List recommended at the time of writing by https://cipherli.st
# Every entry uses ephemeral key exchange (EECDH / EDH). AES-GCM suites come
# first; the trailing AES256+EECDH / AES256+EDH entries can also match
# non-GCM (CBC) suites, kept for older TLS 1.2 clients.
# SSLHonorCipherOrder makes the server's order win over the client's.
# NOTE(review): this is a snapshot of a third-party list; re-check it
# against current guidance when the file is next touched.
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

# HSTS
# max-age=63072000 seconds = 2 years. "always" also adds the header to
# error responses. The policy has no includeSubDomains, so it covers only
# the exact host that serves it.
Header always set Strict-Transport-Security "max-age=63072000"

# Security Headers
# Currently disabled. X-Frame-Options DENY forbids framing of the site;
# X-Content-Type-Options nosniff stops browsers from MIME-sniffing responses.
# NOTE(review): confirm whether the applications behind this server set
# these themselves before leaving them off.
#Header always set X-Frame-Options DENY
#Header always set X-Content-Type-Options nosniff

# Apache2 >= 2.4 only:
# TLS compression, session tickets and OCSP stapling

# TLS-level compression is what the CRIME attack relies on; keep it off
# explicitly, whatever the build default is.
SSLCompression off
# Disable for now, requires apache 2.4.12 (trisquel 8?)
# Once available: session tickets are encrypted with a server-side key, so
# turning them off avoids weakening forward secrecy through that key.
#SSLSessionTickets Off
# OCSP stapling: the server attaches the certificate's OCSP response to the
# handshake. mod_ssl requires an SSLStaplingCache (server-config scope,
# outside any <VirtualHost>) for this to work.
# NOTE(review): no SSLStaplingCache is visible in this file; confirm it is
# defined elsewhere in the server configuration.
SSLUseStapling on
