author | clyhtsuriva <clyhtsuriva@gmail.com> | 2020-05-07 08:47:04 +0200 |
---|---|---|
committer | clyhtsuriva <clyhtsuriva@gmail.com> | 2020-05-07 08:47:04 +0200 |
commit | fdf19b48fdb7a022b8f0d6f490bf07b9a1d3bc7a (patch) | |
tree | f5e1aacf477d4116d0c96159e476a8f423636263 /www/server-config/apache2/conf-available/ssl-params.conf | |
parent | 1b9db81514c6ad7c0cfd2952edc7d42f1e28e18b (diff) |
ajout de SSL
Diffstat (limited to 'www/server-config/apache2/conf-available/ssl-params.conf')
-rw-r--r-- | www/server-config/apache2/conf-available/ssl-params.conf | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/www/server-config/apache2/conf-available/ssl-params.conf b/www/server-config/apache2/conf-available/ssl-params.conf
new file mode 100644
index 0000000..bbe4509
--- /dev/null
+++ b/www/server-config/apache2/conf-available/ssl-params.conf
@@ -0,0 +1,16 @@
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+# Disable preloading HSTS for now. You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+# Requires Apache >= 2.4
+SSLCompression off
+SSLSessionTickets Off
+SSLUseStapling on
+SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+
+SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" |
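Review bot: `SSLProtocol All -SSLv2 -SSLv3` still leaves TLS 1.0 and TLS 1.1 enabled, and the `AES256+EECDH:AES256+EDH` part of `SSLCipherSuite` admits CBC suites that those older versions can negotiate. Since this file is meant as hardening, I would restrict the versions explicitly, e.g. `SSLProtocol -all +TLSv1.2 +TLSv1.3` (drop `+TLSv1.3` if the deployed Apache/OpenSSL build predates it) or `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`. The `Header` lines also depend on mod_headers being loaded, and `SSLOpenSSLConfCmd DHParameters` depends on `/etc/ssl/certs/dhparam.pem` existing. Neither prerequisite is visible in this commit, so a comment such as `# Requires mod_headers and a generated /etc/ssl/certs/dhparam.pem` above those directives would help whoever enables the conf. Note too that `includeSubdomains` with a two-year `max-age` commits every subdomain to HTTPS, which is worth confirming before rollout.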