path: root/user/apache-httpd/conf/ssl.conf
# Server-wide TLS defaults. Everything in this block is applied only when
# mod_ssl is loaded; it does not enable TLS for any site by itself.
<IfModule ssl_module>
# The following should appear in each <VirtualHost> block that plans to
# use SSL/TLS.
#
#    SSLEngine on
#    SSLCertificateFile      /path/to/signed_certificate_followed_by_intermediate_certs
#    SSLCertificateKeyFile   /path/to/private/key
#
#    # The private key file should be readable only by the account that starts
#    # httpd; anyone who can read it can impersonate the site.
#
#    # Uncomment the following directive when using client certificate authentication
#    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication
#
#    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
#    # Browsers that see this header refuse plain HTTP for the host until
#    # max-age expires, so enable it only once HTTPS is known to work.
#    <IfModule headers_module>
#    Header always set Strict-Transport-Security "max-age=15768000"
#    </IfModule>
#

# Accept connections on the standard HTTPS port.
Listen 443
# At the moment, these options are the current best practices for modern users.
# NOTE(review): this is a point-in-time recommendation; re-check the protocol
# and cipher lists against current guidance when updating this file.
#
# "all" minus SSLv3, TLSv1 and TLSv1.1 leaves TLSv1.2 and newer (TLSv1.3 only
# if the httpd/OpenSSL build supports it).
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
# Every suite below uses ECDHE key exchange (forward secrecy). The first six
# are AEAD suites (AES-GCM, ChaCha20-Poly1305); the last four are CBC-mode
# suites with HMAC-SHA2.
# NOTE(review): the CBC suites are presumably kept for older TLS 1.2 clients;
# confirm they are still needed. This list governs TLS 1.2 and below; TLS 1.3
# suites are chosen separately (see the optional protocol argument of
# SSLCipherSuite in the mod_ssl documentation).
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
# Use the server's preference order from SSLCipherSuite rather than the
# client's, so the strongest mutually supported suite is picked.
SSLHonorCipherOrder     on
# Disable RFC 5077 session tickets: ticket keys that are not rotated (httpd
# only regenerates them on restart unless a key file is managed externally)
# weaken forward secrecy for every session they protect.
SSLSessionTickets       off
</IfModule>