summaryrefslogtreecommitdiff
path: root/user/apache-httpd/conf/ssl.conf
diff options
context:
space:
mode:
authorKiyoshi Aman <kiyoshi.aman+adelie@gmail.com>2018-02-04 21:15:27 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2018-04-27 16:09:07 -0500
commitbe6bc7b26c9ad0574ed6cfb17470224d2a5e8820 (patch)
tree8b06ae2be324fb4baf2961be4061a10d9153e1ee /user/apache-httpd/conf/ssl.conf
parentbf44d023eda4469b01cfec21bebe664feea6285c (diff)
downloadpackages-be6bc7b26c9ad0574ed6cfb17470224d2a5e8820.tar.gz
packages-be6bc7b26c9ad0574ed6cfb17470224d2a5e8820.tar.bz2
packages-be6bc7b26c9ad0574ed6cfb17470224d2a5e8820.tar.xz
packages-be6bc7b26c9ad0574ed6cfb17470224d2a5e8820.zip
user/apache-httpd: new package
Diffstat (limited to 'user/apache-httpd/conf/ssl.conf')
-rw-r--r--user/apache-httpd/conf/ssl.conf24
1 files changed, 24 insertions, 0 deletions
diff --git a/user/apache-httpd/conf/ssl.conf b/user/apache-httpd/conf/ssl.conf
new file mode 100644
index 000000000..bb3dd02c5
--- /dev/null
+++ b/user/apache-httpd/conf/ssl.conf
@@ -0,0 +1,24 @@
+<IfModule ssl_module>
+# The following should appear in each <VirtualHost> block that plans to
+# use SSL/TLS.
+#
+# SSLEngine on
+# SSLCertificateFile /path/to/signed_certificate_followed_by_intermediate_certs
+# SSLCertificateKeyFile /path/to/private/key
+#
+# # Uncomment the following directive when using client certificate authentication
+# #SSLCACertificateFile /path/to/ca_certs_for_client_authentication
+#
+# # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+# <IfModule headers_module>
+# Header always set Strict-Transport-Security "max-age=15768000"
+# </IfModule>
+#
+
+Listen 443
+# At the moment, these options the current best practices for modern users.
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder on
+SSLSessionTickets off
+</IfModule>