diff --git a/install_httpd-2.4.sh b/install_httpd-2.4.sh index 690a6d5..17c981d 100755 --- a/install_httpd-2.4.sh +++ b/install_httpd-2.4.sh 
@@ -32,8 +32,8 @@ else _WITH_MOD_PHP=true fi -#_SSL_Cipher_Suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' -_SSL_Cipher_Suite='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES' +#_SSL_Cipher_Suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!SSLv2:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' 
+_SSL_Cipher_Suite='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!SSLv2:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' _PHP_VERSION=7.1.24 @@ -2169,10 +2169,42 @@ fi ## --- SSL ## --- +echononl "\tCreate directory '$PREFIX/conf/ssl'.." +if [[ ! -d "$PREFIX/conf/ssl" ]]; then + echo "" >> ${_logdir}/main.log + echo "## - Create directory '$PREFIX/conf/ssl' .." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echo "mkdir \"$PREFIX/conf/ssl\"" >> ${_logdir}/main.log 2>&1 + mkdir "$PREFIX/conf/ssl" >> ${_logdir}/main.log + if [ "0" = "$?" ];then + echo_ok + else + echo_failed + warn "Creating directory '$PREFIX/conf/ssl' failed" + fi +else + echo_skipped +fi + +echo "" >> ${_logdir}/main.log +echo "## - Generate a dhparam.pem file .." >> ${_logdir}/main.log +echo "## -" >> ${_logdir}/main.log +echo "openssl dhparam -dsaparam -out $PREFIX/conf/ssl/dhparam.pem 4096" >> ${_logdir}/main.log +echononl "\tGenerate a dhparam.pem file.." +openssl dhparam -dsaparam -out $PREFIX/conf/ssl/dhparam.pem 4096 >> ${_logdir}/main.log 2>&1 +if [ "0" = "$?" ];then + echo_ok +else + echo_failed + warn " Generating dhparam.pem file '$PREFIX/conf/ssl/dhparam.pem' failed" +fi + + ## - include httpd-ssl.conf ## - _file=httpd-ssl.conf if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then + echo "" >> ${_logdir}/main.log echo "## - httpd.conf: include file \"$_file\".." >> ${_logdir}/main.log echo "## -" >> ${_logdir}/main.log 
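Review bot: The new default `_SSL_Cipher_Suite` on the `+` line contains only ECDHE suites, so the `SSLOpenSSLConfCmd DHParameters` directive this same commit installs into httpd-ssl.conf (hunk at -2296) only takes effect when a caller overrides the list with DHE-* suites; as far as the hunk shows, the 4096-bit dhparam generation is inert for the default configuration. Either drop the DH parameter steps or record the dependency next to the assignment, e.g. `# DHE-* suites are intentionally excluded; dhparam.pem only matters if they are added back here`. `!SSLv2` names a cipher class that OpenSSL 1.1.0 and later no longer ship, so it is redundant on those builds and harmless otherwise.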
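Review bot: `openssl dhparam -dsaparam` in the generation step produces DSA-style (non-safe-prime) parameters, and OpenSSL's own manual warns that with such parameters a fresh DH key must be generated for every exchange to avoid small-subgroup attacks. mod_ssl normally does use single-use DH keys, but the script does not pin the httpd or OpenSSL it links against, so either drop `-dsaparam` (at the cost of a much slower generation) or state the assumption in the log comment, e.g. `## - -dsaparam is acceptable only because mod_ssl uses a fresh DH key per handshake`. The `openssl dhparam -dsaparam -out $PREFIX/conf/ssl/dhparam.pem 4096` line also leaves `$PREFIX` unquoted while the `mkdir` a few lines earlier quotes it, and `mkdir "$PREFIX/conf/ssl" >> ${_logdir}/main.log` drops the `2>&1` that every other logged command carries, so a permission error goes to the terminal instead of main.log.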
@@ -2188,6 +2220,17 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then echo_failed fi + echo "" >> ${_logdir}/main.log + echo "## - Backup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echononl "\tBackup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." + cp -a "${PREFIX}/${_rel_confextra_path}/${_file}" "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG" >> ${_logdir}/main.log 2>&1 + if [ "0" = "$?" ];then + echo_ok + else + echo_failed + fi + #notice="" ## - copy certification files if present.. _failed=false 
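Review bot: The `cp -a "${PREFIX}/${_rel_confextra_path}/${_file}" "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG"` backup is unconditional, so on a second run of the script the pristine copy is replaced by the already-modified file and `.ORIG` no longer means what the log message claims; the same block is repeated in the hunks at -2548, -2623, -2678 and -2740. Guard it so the first backup wins: `if [[ -e "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG" ]]; then echo_skipped; else` before the `cp`, with the matching `fi` after the existing status check. The enclosing `if [ -f ... ]` block starts outside the hunk.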
@@ -2296,6 +2339,39 @@ EOF fi done + ## - Set Diffie Hellman Ephemeral Parameters + ## - + echononl "\t$_file: Set Diffie Hellman Ephemeral Parameters.." + if ! grep -q SSLOpenSSLConfCmd ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix 2> /dev/null ; then + if [[ ! -f "${PREFIX}/conf/ssl/dhparam.pem" ]] ; then + echo_skipped + warn "Diffie Hellman Parameter file (${PREFIX}/conf/ssl/dhparam.pem') NOT found!" + else + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set Diffie Hellman Ephemeral Parameters.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + cat <> ${_logdir}/main.log +perl -i$_backup_suffix -n -p \\ + -e "s&^(#\s*SSL\s+Cipher\s+Suite:.*)&# Diffie Hellman Ephemeral Parameters\n#\nSSLOpenSSLConfCmd DHParameters \"${PREFIX}/conf/ssl/dhparam.pem\"\n\n\1&" \\ + ${PREFIX}/${_rel_confextra_path}/${_file} +EOF + perl -i$_backup_suffix -n -p \ + -e "s&^(#\s*SSL\s+Cipher\s+Suite:.*)&# Diffie Hellman Ephemeral Parameters\n#\nSSLOpenSSLConfCmd DHParameters \"${PREFIX}/conf/ssl/dhparam.pem\"\n\n\1&" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + if grep -q SSLOpenSSLConfCmd ${PREFIX}/${_rel_confextra_path}/${_file} 2> /dev/null ; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi + else + echo_failed + fi + fi + else + echo_skipped + fi ## - Set SSLCipherSuite ## - 
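Review bot: The idempotency probe `grep -q SSLOpenSSLConfCmd ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix` inspects the backup-suffix file, which the success branch below removes with `rm`, so on a re-run the probe does not see the directive and the perl substitution inserts a second `SSLOpenSSLConfCmd DHParameters` block; unless the suffixed file is deliberately the marker, the probe should read the live file: `if ! grep -q SSLOpenSSLConfCmd "${PREFIX}/${_rel_confextra_path}/${_file}" 2> /dev/null ; then`. The warning `"Diffie Hellman Parameter file (${PREFIX}/conf/ssl/dhparam.pem') NOT found!"` has a stray closing quote after the path. The post-edit check greps only for the directive name, so any stray `SSLOpenSSLConfCmd` line in the file also reports ok; `grep -q 'SSLOpenSSLConfCmd DHParameters'` would be tighter.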
@@ -2356,10 +2432,10 @@ EOF echo "" >> ${_logdir}/main.log echo "## - $_file: Set SSLProtocol.." >> ${_logdir}/main.log echo "## -" >> ${_logdir}/main.log - echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2 -TLSv1&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2-all +TLSv1.2 +TLSv1.3&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log echononl "\t$_file: Set SSLProtocol.." sed -i$_backup_suffix -r \ - -e "s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2 -TLSv1&g" \ + -e "s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2-all +TLSv1.2 +TLSv1.3&g" \ ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 if [ "0" = $? ]; then echo_ok @@ -2374,10 +2450,10 @@ EOF echo "" >> ${_logdir}/main.log echo "## - $_file: Set SSLProxyProtocol.." >> ${_logdir}/main.log echo "## -" >> ${_logdir}/main.log - echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2 -TLSv1&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log + echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2-all +TLSv1.2 +TLSv1.3&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log echononl "\t$_file: Set SSLProxyProtocol.." sed -i$_backup_suffix -r \ - -e "s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2 -TLSv1&g" \ + -e "s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2-all +TLSv1.2 +TLSv1.3&g" \ ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 if [ "0" = $? ]; then echo_ok 
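Review bot: The new `SSLProtocol -all +TLSv1.2 +TLSv1.3` value (and the `SSLProxyProtocol` twin in the hunk at -2374) is rejected at startup by mod_ssl older than httpd 2.4.36 or built against OpenSSL before 1.1.1, which do not know the `TLSv1.3` token; since this script chooses both the httpd and the OpenSSL it links, either gate `+TLSv1.3` on the built version or wrap the directive in `<IfVersion >= 2.4.36>` (mod_version) so the generated httpd-ssl.conf loads in both cases. The sed class `[ ^t]*` carried into the new `-e` lines matches a space, a caret or the letter t, not a tab; `[[:space:]]*` is what the pattern intends. `$?` is compared unquoted in `[ "0" = $? ]` here while the directory hunk quotes it, which is harmless but inconsistent.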
@@ -2403,6 +2479,33 @@ EOF echo_failed fi + + ## - Set SSLCompression + ## - + ssl_compression_comment="# SSLCompression +# +# Note: +# Enabling compression causes security issues in most setups (the so called CRIME attack)." + echo "" >> ${_logdir}/main.log + echo "## - $_file: Set SSLCompression.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + cat <> ${_logdir}/main.log +perl -i$_backup_suffix -n -p \\ + -e "s&^(\s*SSLHonorCipherOrder\s+.*)&\1\n\n${ssl_compression_comment}\nSSLCompression off&" \\ + ${PREFIX}/${_rel_confextra_path}/${_file} +EOF + echononl "\t$_file: Set SSLCompression.." + perl -i$_backup_suffix -n -p \ + -e "s&^(\s*SSLHonorCipherOrder\s+.*)&\1\n\n${ssl_compression_comment}\nSSLCompression off&" \ + ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1 + if [ "0" = $? ]; then + echo_ok + rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix + else + echo_failed + fi + + ## - Set ServerName ## - echo "" >> ${_logdir}/main.log @@ -2548,6 +2651,17 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ];then echo_failed fi + echo "" >> ${_logdir}/main.log + echo "## - Backup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echononl "\tBackup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." + cp -a "${PREFIX}/${_rel_confextra_path}/${_file}" "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG" >> ${_logdir}/main.log 2>&1 + if [ "0" = "$?" ];then + echo_ok + else + echo_failed + fi + _localhost="127.0.0.0/8" [ "X" != "X$HTTPD_INFO_ADDRESSES" ] && _localhost="$_localhost $HTTPD_INFO_ADDRESSES" echo "" >> ${_logdir}/main.log 
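Review bot: The `SSLCompression` step reports `echo_ok` and deletes the `$_backup_suffix` copy on perl's exit status alone, but `perl -p` exits 0 whether or not the `^(\s*SSLHonorCipherOrder\s+.*)` anchor matched, so a httpd-ssl.conf without that line silently ends up without `SSLCompression off`; the DH hunk at -2296 already greps the live file before `echo_ok`. Apply the same check in place of the bare `echo_ok`: `if grep -q 'SSLCompression off' "${PREFIX}/${_rel_confextra_path}/${_file}" 2>/dev/null; then echo_ok; rm ${PREFIX}/${_rel_confextra_path}/${_file}$_backup_suffix; else echo_failed; fi`. The insertion is also not idempotent: a re-run matches `SSLHonorCipherOrder` again and appends a second `SSLCompression off` block, so a `grep -q SSLCompression` pre-check like the DH step's is needed as well.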
@@ -2623,6 +2737,17 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ];then echo_failed fi + echo "" >> ${_logdir}/main.log + echo "## - Backup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echononl "\tBackup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." + cp -a "${PREFIX}/${_rel_confextra_path}/${_file}" "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG" >> ${_logdir}/main.log 2>&1 + if [ "0" = "$?" ];then + echo_ok + else + echo_failed + fi + ## - Uncomment "LoadModule" for needed additional modules.. ## - for module in mod_mime mod_negotiation ; do @@ -2678,6 +2803,17 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ];then echo_failed fi + echo "" >> ${_logdir}/main.log + echo "## - Backup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echononl "\tBackup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." + cp -a "${PREFIX}/${_rel_confextra_path}/${_file}" "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG" >> ${_logdir}/main.log 2>&1 + if [ "0" = "$?" ];then + echo_ok + else + echo_failed + fi + ## - Uncomment "LoadModule" for needed additional modules.. ## - @@ -2740,6 +2876,17 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ];then warn "Including file \"${_file}\" failed.." fi + echo "" >> ${_logdir}/main.log + echo "## - Backup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." >> ${_logdir}/main.log + echo "## -" >> ${_logdir}/main.log + echononl "\tBackup file '${PREFIX}/${_rel_confextra_path}/${_file}'.." + cp -a "${PREFIX}/${_rel_confextra_path}/${_file}" "${PREFIX}/${_rel_confextra_path}/${_file}.ORIG" >> ${_logdir}/main.log 2>&1 + if [ "0" = "$?" ];then + echo_ok + else + echo_failed + fi + ## - Set MaxConnectionsPerChild ## -