• SSL/TLS settings for apache

SSL/TLS settings for apache

SSLEngine on

SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLCipherSuite ECHACHA20+POLY1305:ECDH+AESGCM:EDH+AESGCM

SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1

SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(65536)"
SSLSessionTickets Off

Protocols h2 http/1.1

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"