authorclyhtsuriva <clyhtsuriva@gmail.com>2020-05-07 08:47:04 +0200
committerclyhtsuriva <clyhtsuriva@gmail.com>2020-05-07 08:47:04 +0200
commitfdf19b48fdb7a022b8f0d6f490bf07b9a1d3bc7a (patch)
treef5e1aacf477d4116d0c96159e476a8f423636263 /www/server-config/apache2/conf-available/ssl-params.conf
parent1b9db81514c6ad7c0cfd2952edc7d42f1e28e18b (diff)
ajout de SSL
Diffstat (limited to 'www/server-config/apache2/conf-available/ssl-params.conf')
-rw-r--r--www/server-config/apache2/conf-available/ssl-params.conf16
1 files changed, 16 insertions, 0 deletions
diff --git a/www/server-config/apache2/conf-available/ssl-params.conf b/www/server-config/apache2/conf-available/ssl-params.conf
new file mode 100644
index 0000000..bbe4509
--- /dev/null
+++ b/www/server-config/apache2/conf-available/ssl-params.conf
@@ -0,0 +1,16 @@
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+# Disable preloading HSTS for now. You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+# Requires Apache >= 2.4
+SSLCompression off
+SSLSessionTickets Off
+SSLUseStapling on
+SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+
+SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
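Review bot: `SSLProtocol All -SSLv2 -SSLv3` on the second added line still leaves TLS 1.0 and TLS 1.1 negotiable, and the `AES256+EECDH:AES256+EDH` tail of `SSLCipherSuite` admits CBC-mode suites alongside the GCM ones, which undercuts the hardening in the rest of the file. Unless legacy clients must be supported, restrict the protocol line to `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and trim the cipher list to `SSLCipherSuite EECDH+AESGCM:EDH+AESGCM`. Separately, `SSLStaplingCache "shmcb:logs/stapling-cache(150000)"` uses a path relative to ServerRoot; the `conf-available` location suggests a Debian-style layout where a `logs/` directory may not exist there, so confirm the path resolves or use an absolute one. A comment above `SSLOpenSSLConfCmd DHParameters` such as `# /etc/ssl/certs/dhparam.pem must be generated before enabling this conf` would help, since a missing file will likely make the configuration fail to load.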