Created
September 4, 2024 11:30
Save kfiresmith/aa725858a4ea63272759f16f0d5f5761 to your computer and use it in GitHub Desktop.
Global Apache TLS hardening config
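<IfModule mod_ssl.c>
	# Inbound: SSLv2/SSLv3 are disabled; TLSv1 and TLSv1.1 remain enabled here.
	# Append "-TLSv1 -TLSv1.1" to match the proxy policy below if no legacy clients remain.
	SSLProtocol all -SSLv2 -SSLv3
	SSLHonorCipherOrder on
	# No RC4: RFC 7465 prohibits RC4 cipher suites in TLS.
	SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
	# Outbound (mod_proxy) connections: TLSv1.2 and newer only.
	SSLProxyProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
	# The Header directives below require mod_headers to be loaded.
	# HSTS for two years, covering subdomains, with the preload flag.
	Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
	# Appends Secure, HttpOnly and SameSite=Lax to every Set-Cookie header.
	Header edit Set-Cookie ^(.*)$ "$1; Secure; HttpOnly; SameSite=Lax"
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet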