:443>
...
SSLEngine on

## - don't support weak ciphers
SSLHonorCipherOrder On
SSLCompression Off
#SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1
SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256

## - HTTP Strict Transport Security (HSTS)
## -
## - HSTS tells a browser that the website should only be accessed through
## - a secure connection. The HSTS header will be remembered by a
## - standards-compliant browser for max-age seconds.
## -
## - An important point is that HSTS only works after the user has received the
## - header via HTTPS. So you will still need a redirect from your HTTP site to
## - HTTPS, which also covers browsers that do not yet understand HSTS.
## -
## - This is easily accomplished using Apache's mod_rewrite:
## -
## -
## -    RewriteEngine On
## -    RewriteCond %{HTTPS} off
## -    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
## -
## -
## - Thus, with a few lines of configuration, you can make the web a safer place
## - for your users. So, what are you waiting for?
## -
## - Remember this setting for 1/2 year
## -
Header add Strict-Transport-Security "max-age=15768000"
...
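The comments above name two conditions that must both hold: the HTTP site redirects to HTTPS, and the HSTS header is delivered over HTTPS with the intended max-age. The following check of a response pair against those conditions is an added example, not part of the original configuration. The function names, the response dictionaries and the host `www.example.com` are assumptions constructed for illustration.

```python
"""Audit an HTTP/HTTPS response pair for the HSTS deployment described above.
Sample responses are constructed for illustration; no network access."""
from urllib.parse import urlsplit

MIN_MAX_AGE = 15768000  # half a year, the value used in the config above


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit(host, http_resp, https_resp, min_age=MIN_MAX_AGE):
    """Return a list of findings; an empty list means the pair looks correct."""
    findings = []
    # 1. Plain HTTP must redirect to HTTPS on the same host.
    loc = urlsplit(http_resp["headers"].get("location", ""))
    if http_resp["status"] not in (301, 302, 307, 308) or loc.scheme != "https":
        findings.append("http: no redirect to https")
    elif loc.hostname != host:
        findings.append("http: redirect leaves host " + host)
    # 2. Browsers ignore HSTS received over plain HTTP, so it must be on HTTPS.
    raw = https_resp["headers"].get("strict-transport-security")
    if raw is None:
        findings.append("https: Strict-Transport-Security missing")
        return findings
    age = parse_hsts(raw).get("max-age")
    if age is None or not age.isdigit():
        findings.append("https: max-age missing or not a number")
    elif int(age) < min_age:
        findings.append("https: max-age %s below %d" % (age, min_age))
    return findings


# Constructed sample responses (header names lower-cased by the caller).
GOOD_HTTP = {"status": 301, "headers": {"location": "https://www.example.com/"}}
GOOD_HTTPS = {"status": 200, "headers": {"strict-transport-security": "max-age=15768000"}}
BAD_HTTP = {"status": 200, "headers": {"strict-transport-security": "max-age=15768000"}}
BAD_HTTPS = {"status": 200, "headers": {"strict-transport-security": "max-age=300"}}

if __name__ == "__main__":
    print(audit("www.example.com", GOOD_HTTP, GOOD_HTTPS))
    print(audit("www.example.com", BAD_HTTP, BAD_HTTPS))
```

The `BAD_HTTP` case models a site that sends the header on port 80 without redirecting, which leaves first-time visitors on plain HTTP.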