drupal-configs/shopserver/apache2/sites-available/ssl-common.conf

   1
   2 # Disable SSLv2 (BEAST) SSLv3 (POODLE) and TLS < 1.2 (PCI compliance)
   3 SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
   4
   5 # PFS
   6 # Current recommend list from https://cipherli.st
   7 SSLHonorCipherOrder     on
   8 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
   9
  10 # HSTS
  11 Header always set Strict-Transport-Security "max-age=63072000"
  12
  13 # Security Headers
  14 #Header always set X-Frame-Options DENY
  15 #Header always set X-Content-Type-Options nosniff
  16
  17 # Apache2 >= 2.4 only:
  18 # OCSP Stapling
  19
  20 SSLCompression off
  21 # Disable for now, requires apache 2.4.12 (trisquel 8?)
  22 #SSLSessionTickets Off
  23 SSLUseStapling on
  24