source: npl/internetserver/apache_conf/root/etc/apache2/conf.d/httpd-ssl.conf

Last change on this file was 47dca21, checked in by Edwin Eefting <edwin@datux.nl>, 5 years ago

disable ssl stapling

  • Property mode set to 100644
File size: 2.2 KB
1# SYN-3 apache SSL config file. Will be overwritten by updates.
# Server-wide mod_ssl settings: listener, session cache, protocol and cipher
# policy, and OCSP stapling. Local edits are lost on update (see line above),
# so hardening changes belong in the package source, not on the installed host.
2
3
# Accept connections on the standard HTTPS port.
4Listen 443
5
6# Some MIME-types for downloading Certificates and CRLs
7AddType application/x-x509-ca-cert .crt
8AddType application/x-pkcs7-crl    .crl
9
10
11# Inter-Process Session Cache:
# shmcb = shared-memory cyclic buffer shared by all server processes; the
# number in parentheses is the cache size in bytes, the timeout is in seconds.
# With SSLSessionTickets off below, this cache is the only resumption mechanism.
12SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
13SSLSessionCacheTimeout  300
14
15
16# Protocol and cipher settings
17# (from https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.18&openssl=1.0.1t&hsts=no&profile=intermediate )
18
# NOTE(review): "all -SSLv3" removes only SSLv3, so TLS 1.0 and TLS 1.1 stay
# enabled. Both were formally deprecated by RFC 8996. If no legacy client
# depends on them, "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1" narrows this to
# TLS 1.2 and later - confirm against the clients this appliance must serve.
19SSLProtocol             all -SSLv3
# NOTE(review): this is the older Mozilla "intermediate" list (see URL above).
# It still offers the 3DES suites (*-DES-CBC3-SHA; 64-bit block cipher) and,
# towards the end, static-RSA key exchange suites (AES128-GCM-SHA256 ...
# DES-CBC3-SHA) that provide no forward secrecy. Regenerate from the current
# Mozilla profile when the supported-client baseline allows it.
20SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
# Server preference decides the suite, so the ordering of the list above is
# what keeps the weaker trailing entries as a last resort.
21SSLHonorCipherOrder     on
# TLS-level compression stays off (compression side channel, CRIME).
22SSLCompression          off
# No session tickets: resumption goes through the shared session cache only.
23SSLSessionTickets       off
24
25#off: otherwise you'll get timeouts when the server has no internet
# NOTE(review): with stapling off, the three SSLStapling* tuning directives
# below are presumably inert and only take effect if stapling is re-enabled.
# Clients that check revocation then have to contact the CA's OCSP responder
# themselves; hosts that do have outbound access may prefer stapling on.
26SSLUseStapling          off
27SSLStaplingResponderTimeout 5
28SSLStaplingReturnResponderErrors off
29SSLStaplingCache        shmcb:/var/run/ocsp(128000)
30
31
32##
33## SSL Virtual Host Context
34##
35
# Catch-all TLS virtual host: serves any port-443 request that no other
# virtual host claims.
# NOTE(review): no Strict-Transport-Security header is set in this block (the
# generator URL this file cites was used with hsts=no); check whether it is
# added elsewhere in the configuration.
36<VirtualHost _default_:443>
37
38DocumentRoot "/var/www/htdocs"
39
40SSLEngine on
41
42
43# Certificate stuff
# NOTE(review): server.pem holds the private key. It should be readable only
# by the account Apache starts as (normally root); file permissions are not
# visible from this config and need checking on the host.
# NOTE(review): SSLCertificateChainFile points at the same file as
# SSLCertificateFile. The directive is deprecated since Apache 2.4.8, where
# SSLCertificateFile may carry the intermediate chain itself - confirm the
# target Apache version before dropping it.
44SSLCertificateFile /usr/webint/ssl/server.crt
45SSLCertificateKeyFile /usr/webint/ssl/server.pem
46SSLCertificateChainFile /usr/webint/ssl/server.crt
47
# Client-certificate CA and CRL locations are commented out, so no client CA
# or revocation list is configured by this block.
48#SSLCACertificatePath /etc/apache2/ssl.crt
49#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
50#SSLCARevocationPath /etc/apache2/ssl.crl
51#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
52
53
54
55
56# SSL Engine Options:
# +StdEnvVars exports the standard SSL_* environment variables. It is limited
# to script-like files and the CGI directory because building them for every
# request is costly.
57<FilesMatch "\.(cgi|shtml|phtml|php)$">
58    SSLOptions +StdEnvVars
59</FilesMatch>
60<Directory "/var/www/cgi-bin">
61    SSLOptions +StdEnvVars
62</Directory>
63
# "inherit" pulls the main server's rewrite maps, conditions and rules into
# this virtual host, so redirects defined for plain HTTP also apply here.
# NOTE(review): the inherited rules live outside this file; review them
# together with this block.
64RewriteEngine on
65RewriteOptions inherit
66
67</VirtualHost>