Diffstat (limited to 'roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2')
-rw-r--r-- | roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 b/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2
new file mode 100644
index 0000000..eb85a29
--- /dev/null
+++ b/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2
@@ -0,0 +1,17 @@
+Listen 443 https
+
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+SSLSessionCache shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout 300
+
+SSLCryptoDevice builtin
+
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder off
+SSLSessionTickets off
+
+# Stapling causes all kinds of hard-to-debug problems on Android clients!
+#SSLUseStapling On
+#SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" |
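Review bot: The comment above the two commented-out stapling directives gives no traceable reason for turning a revocation feature off, so nobody can tell later when it is safe to re-enable. With `SSLUseStapling` disabled, clients must either query the CA's OCSP responder themselves or skip the revocation check, and that trade-off should be stated next to the directive. I would reword it along the lines of `# OCSP stapling disabled: <ticket/issue reference> (handshake failures on Android clients); clients fall back to their own revocation checks. Re-evaluate once resolved.` Separately, the two `DHE-RSA-*` suites at the end of `SSLCipherSuite` rely on whatever DH group mod_ssl selects, since the file sets none. That is probably fine on a current httpd with a 2048-bit or larger certificate key, but a one-line comment saying so (or dropping the DHE suites if no client needs them) would make the intent explicit.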