# Disable SSLv2 and SSLv3 (POODLE), plus TLSv1 (BEAST) and TLSv1.1
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

# PFS
# Currently recommended list from https://cipherli.st
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

# HSTS
Header always set Strict-Transport-Security "max-age=63072000"

# Security Headers
#Header always set X-Frame-Options DENY
#Header always set X-Content-Type-Options nosniff

# Apache2 >= 2.4 only:
# OCSP Stapling
SSLCompression off
# Disabled for now, requires apache 2.4.12 (trisquel 8?)
#SSLSessionTickets Off
#SSLUseStapling on