--- /dev/null
+
+# Disable SSLv2 (BEAST) and SSLv3 (POODLE)
+SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+
+# PFS
+# Current recommend list from https://cipherli.st
+SSLHonorCipherOrder on
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+
+# HSTS
+Header always set Strict-Transport-Security "max-age=63072000"
+
+# Security Headers
+#Header always set X-Frame-Options DENY
+#Header always set X-Content-Type-Options nosniff
+
+# Apache2 >= 2.4 only:
+# OCSP Stapling
+
+SSLCompression off
+# Disable for now, requires apache 2.4.12 (trisquel 8?)
+#SSLSessionTickets Off
+#SSLUseStapling on
+
+