pulling in entire conf directory
diff --git a/drupal-configs/shopserver/apache2/sites-available/ssl-common.conf.cfsaved b/drupal-configs/shopserver/apache2/sites-available/ssl-common.conf.cfsaved
new file mode 100644 (file)
index 0000000..139d56b
--- /dev/null
@@ -0,0 +1,25 @@
+
+# Disable SSLv2 (BEAST) and SSLv3 (POODLE)
+SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+
+# PFS
+# Current recommend list from https://cipherli.st
+SSLHonorCipherOrder    on
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+
+# HSTS
+Header always set Strict-Transport-Security "max-age=63072000"
+
+# Security Headers
+#Header always set X-Frame-Options DENY
+#Header always set X-Content-Type-Options nosniff
+
+# Apache2 >= 2.4 only:
+# OCSP Stapling
+
+SSLCompression off 
+# Disable for now, requires apache 2.4.12 (trisquel 8?)
+#SSLSessionTickets Off
+#SSLUseStapling on 
+
+
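Review bot: The comment above `SSLProtocol` does not match the directive: the line also removes TLSv1 and TLSv1.1, and BEAST is a CBC issue in SSL 3.0/TLS 1.0 rather than in SSLv2, so I would reword it to `# Allow TLS 1.2 and newer only (drops SSLv2, SSLv3/POODLE, TLSv1/BEAST, TLSv1.1)`. The two headers under `# Security Headers` are commented out with no reason given; `X-Content-Type-Options nosniff` is rarely disruptive, so either enable it or record why it is off. `SSLCipherSuite` still admits CBC-mode suites through `AES256+EECDH:AES256+EDH`, which deserves a comment if it is kept for older clients. Because the file name ends in `.cfsaved`, this is presumably a saved copy rather than a loaded config, and it is worth confirming that no include pattern picks it up.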