Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # from https://cipherli.st/
- # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
- SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
- SSLProtocol All -SSLv2 -SSLv3
- SSLHonorCipherOrder On
- # Disable preloading HSTS for now. You can use the commented out header line that includes
- # the "preload" directive if you understand the implications.
- #Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
- Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
- Header always set X-Frame-Options DENY
- Header always set X-Content-Type-Options nosniff
- # Requires Apache >= 2.4
- SSLCompression off
- SSLSessionTickets Off
- SSLUseStapling on
- SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
- SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement