#ServerName www.example.com:443 ServerAdmin webmaster@localhost DocumentRoot "/srv/www/apache" Options Indexes FollowSymLinks AllowOverride None Require all granted ErrorLog ${APACHE_LOG_DIR}/002-default-ssl.error.log CustomLog ${APACHE_LOG_DIR}/002-default-ssl.access.log combined Protocols h2 http/1.1 SSLEngine on SSLCertificateFile "/etc/apache/server.crt" SSLCertificateKeyFile "/etc/apache/server.key" #SSLCertificateChainFile "/etc/apache/server-ca.crt" #SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLHonorCipherOrder On SSLCompression off SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)" # Requires Apache >= 2.4.11 SSLSessionTickets Off #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" #Header always set X-Frame-Options DENY #Header always set X-Content-Type-Options nosniff SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_request.log ssl_info CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_browser.log ssl_info_browser # vim: syntax=apache ts=4 sw=4 sts=4 sr noet