SSL/TLS settings for apache
SSLEngine on
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLCipherSuite ECHACHA20+POLY1305:ECDH+AESGCM:EDH+AESGCM
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(65536)"
SSLSessionTickets Off
Protocols h2 http/1.1
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"