user/apache-httpd: new package

1 files changed, 24 insertions, 0 deletions

diff --git a/user/apache-httpd/conf/ssl.conf b/user/apache-httpd/conf/ssl.conf
new file mode 100644
index 000000000..bb3dd02c5
--- /dev/null
+++ b/user/apache-httpd/conf/ssl.conf
@@ -0,0 +1,24 @@
+<IfModule ssl_module>
+# The following should appear in each <VirtualHost> block that plans to
+# use SSL/TLS.
+#
+#    SSLEngine on
+#    SSLCertificateFile      /path/to/signed_certificate_followed_by_intermediate_certs
+#    SSLCertificateKeyFile   /path/to/private/key
+#
+#    # Uncomment the following directive when using client certificate authentication
+#    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication
+#
+#    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+#    <IfModule headers_module>
+#    Header always set Strict-Transport-Security "max-age=15768000"
+#    </IfModule>
+#
+
+Listen 443
+# At the moment, these options the current best practices for modern users.
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder     on
+SSLSessionTickets       off
+</IfModule>