[eostre.git] / drupal-configs / shopserver / apache2 / sites-available / ssl-common.conf


# Disable SSLv2 (BEAST) SSLv3 (POODLE) and TLS < 1.2 (PCI compliance)
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

# PFS
# Current recommend list from https://cipherli.st
SSLHonorCipherOrder	on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

# HSTS
Header always set Strict-Transport-Security "max-age=63072000"

# Security Headers
#Header always set X-Frame-Options DENY
#Header always set X-Content-Type-Options nosniff

# Apache2 >= 2.4 only:
# OCSP Stapling

SSLCompression off 
# Disable for now, requires apache 2.4.12 (trisquel 8?)
#SSLSessionTickets Off
SSLUseStapling on
Commit	Line	Data
436d9fbf	1
	2	# Disable SSLv2 (BEAST) SSLv3 (POODLE) and TLS < 1.2 (PCI compliance)
	3	SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	4
	5	# PFS
	6	# Current recommend list from https://cipherli.st
	7	SSLHonorCipherOrder on
	8	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
	9
	10	# HSTS
	11	Header always set Strict-Transport-Security "max-age=63072000"
	12
	13	# Security Headers
	14	#Header always set X-Frame-Options DENY
	15	#Header always set X-Content-Type-Options nosniff
	16
	17	# Apache2 >= 2.4 only:
	18	# OCSP Stapling
	19
	20	SSLCompression off
	21	# Disable for now, requires apache 2.4.12 (trisquel 8?)
	22	#SSLSessionTickets Off
	23	SSLUseStapling on
	24