Diffstat (limited to '')
-rw-r--r--www/server-config/apache2/conf-available/ssl-params.conf16
1 files changed, 16 insertions, 0 deletions
diff --git a/www/server-config/apache2/conf-available/ssl-params.conf b/www/server-config/apache2/conf-available/ssl-params.conf
new file mode 100644
index 0000000..bbe4509
--- /dev/null
+++ b/www/server-config/apache2/conf-available/ssl-params.conf
@@ -0,0 +1,16 @@
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+# Disable preloading HSTS for now. You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+# Requires Apache >= 2.4
+SSLCompression off
+SSLSessionTickets Off
+SSLUseStapling on
+SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+
+SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
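Review bot: `SSLProtocol All -SSLv2 -SSLv3` on the second added line still leaves TLS 1.0 and TLS 1.1 enabled; both are deprecated by RFC 8996, and the cipher list does not rule them out because `AES256+EECDH:AES256+EDH` also matches CBC suites those versions can negotiate. An allow-list is safer than a deny-list here: `SSLProtocol -all +TLSv1.2 +TLSv1.3` (drop `+TLSv1.3` if the deployed mod_ssl/OpenSSL build predates it). Separately, the `# Requires Apache >= 2.4` comment is imprecise, since `SSLOpenSSLConfCmd` needs Apache 2.4.8 or later built against OpenSSL 1.0.2 or later, and the configuration presumably fails to load if `/etc/ssl/certs/dhparam.pem` does not exist. A comment above the last line such as `# Needs Apache >= 2.4.8 / OpenSSL >= 1.0.2; generate dhparam.pem before enabling this conf` would save an operator a failed restart.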