1 # File managed by ansible, do not edit
4 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
5 SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
7 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
8 Header always set X-Frame-Options sameorigin
9 Header always set X-Content-Type-Options nosniff
10 # Requires Apache >= 2.4
14 #SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)
15 #SSLStaplingResponderTimeout 5
16 #SSLStaplingFakeTryLater off
17 #SSLStaplingReturnResponderErrors off
18 #SSLStaplingForceURL http://serverproxy0p.fsf.org:8001
20 # Requires Apache >= 2.4.11
23 # https://weakdh.org/sysadmin.html
24 # Requires Apache >= 2.4.8
25 SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"