From fdf19b48fdb7a022b8f0d6f490bf07b9a1d3bc7a Mon Sep 17 00:00:00 2001
From: clyhtsuriva
Date: Thu, 7 May 2020 08:47:04 +0200
Subject: ajout de SSL
---
www/server-config/apache2/conf-available/ssl-params.conf | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 www/server-config/apache2/conf-available/ssl-params.conf
(limited to 'www/server-config/apache2/conf-available/ssl-params.conf')
diff --git a/www/server-config/apache2/conf-available/ssl-params.conf b/www/server-config/apache2/conf-available/ssl-params.conf
new file mode 100644
index 0000000..bbe4509
--- /dev/null
+++ b/www/server-config/apache2/conf-available/ssl-params.conf
@@ -0,0 +1,16 @@
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+# Disable preloading HSTS for now. You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+# Requires Apache >= 2.4
+SSLCompression off
+SSLSessionTickets Off
+SSLUseStapling on
+SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+
+SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
-- cgit v1.2.3
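Review bot: `SSLProtocol All -SSLv2 -SSLv3` still leaves TLS 1.0 and TLS 1.1 enabled, which undercuts the otherwise strict settings in this file; I would write `SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` so only TLS 1.2 and newer are negotiated. In the `SSLCipherSuite` line, the trailing `AES256+EECDH:AES256+EDH` terms also admit CBC-mode suites, so if no legacy clients need them the list could stop at `EECDH+AESGCM:EDH+AESGCM`. The last line points at `/etc/ssl/certs/dhparam.pem`, but the commit adds only this one file, so Apache will likely refuse to start on a host where those parameters were never generated. A comment above it such as `# dhparam.pem must be generated on the host (2048 bits or more) before enabling this conf` would record that deployment step. The `Header` lines likewise depend on mod_headers being enabled, which is worth noting next to `# Requires Apache >= 2.4`.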