From be6bc7b26c9ad0574ed6cfb17470224d2a5e8820 Mon Sep 17 00:00:00 2001
From: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
Date: Sun, 4 Feb 2018 21:15:27 +0000
Subject: user/apache-httpd: new package

---
 user/apache-httpd/conf/ssl.conf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 user/apache-httpd/conf/ssl.conf

(limited to 'user/apache-httpd/conf/ssl.conf')

diff --git a/user/apache-httpd/conf/ssl.conf b/user/apache-httpd/conf/ssl.conf
new file mode 100644
index 000000000..bb3dd02c5
--- /dev/null
+++ b/user/apache-httpd/conf/ssl.conf
@@ -0,0 +1,24 @@
+<IfModule ssl_module>
+# The following should appear in each <VirtualHost> block that plans to
+# use SSL/TLS.
+#
+#    SSLEngine on
+#    SSLCertificateFile      /path/to/signed_certificate_followed_by_intermediate_certs
+#    SSLCertificateKeyFile   /path/to/private/key
+#
+#    # Uncomment the following directive when using client certificate authentication
+#    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication
+#
+#    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+#    <IfModule headers_module>
+#    Header always set Strict-Transport-Security "max-age=15768000"
+#    </IfModule>
+#
+
+Listen 443
+# At the moment, these options the current best practices for modern users.
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder     on
+SSLSessionTickets       off
+</IfModule>
-- 
cgit v1.2.3-70-g09d2