Skip to content
Permalink
Newer
Older
100644 28 lines (21 sloc) 1.05 KB
1
# modern configuration, tweak to your needs
2
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
3
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
4
SSLHonorCipherOrder on
5
SSLCompression off
6
7
# OCSP Stapling, only in httpd 2.3.3 and later
8
SSLUseStapling on
9
SSLStaplingResponderTimeout 5
10
SSLStaplingReturnResponderErrors off
11
SSLStaplingCache shmcb:/var/run/ocsp(128000)
12
13
Listen 443 https
14
<VirtualHost *:443>
15
RewriteEngine on
16
RewriteRule "^/$" "/grouper/" [R]
17
18
SSLEngine on
19
SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
20
21
SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
22
23
SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
24
25
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
26
Header always set Strict-Transport-Security "max-age=15768000"
27
</VirtualHost>
28
You can’t perform that action at this time.