ansible-role-apache/files/ssl.conf

SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder     off
SSLCompression          off
SSLSessionTickets       off
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(32768)
SSLOpenSSLConfCmd       DHParameters /etc/ssl/dhparams.pem
Erweitere Apache-Konfiguration 2021-07-28 09:56:47 +02:00			`SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`
			`SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256`
			`SSLHonorCipherOrder off`
			`SSLCompression off`
			`SSLSessionTickets off`
			`SSLUseStapling on`
			`SSLStaplingResponderTimeout 5`
			`SSLStaplingReturnResponderErrors off`
			`SSLStaplingCache shmcb:/var/run/ocsp(32768)`
			`SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparams.pem`