From af66612e6014bea48458125cda72d73c51bc3c20 Mon Sep 17 00:00:00 2001
From: Christian Franke
Date: Tue, 25 Aug 2015 19:23:43 +0200
Subject: Initial commit
---
roles/sublab_web/templates/ssl.conf.j2 | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 roles/sublab_web/templates/ssl.conf.j2
(limited to 'roles/sublab_web/templates/ssl.conf.j2')
diff --git a/roles/sublab_web/templates/ssl.conf.j2 b/roles/sublab_web/templates/ssl.conf.j2
new file mode 100644
index 0000000..5d02eed
--- /dev/null
+++ b/roles/sublab_web/templates/ssl.conf.j2
@@ -0,0 +1,20 @@
+SSLEngine On
+
+SSLCertificateChainFile /etc/apache2/sites/{{ sublab_web_server_name }}/ssl/chain.pem
+SSLCertificateFile /etc/apache2/sites/{{ sublab_web_server_name }}/ssl/cert.pem
+SSLCertificateKeyFile /etc/apache2/sites/{{ sublab_web_server_name }}/ssl/key.pem
+
+SSLEngine On
+SSLHonorCipherOrder on
+SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLCompression off
+
+#Header always set Strict-Transport-Security "max-age=15984000"
+
+SSLOptions StdEnvVars
+
+BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-- cgit v1.2.1
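Review bot: The `SSLProtocol` line still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and the cipher list keeps the CBC/SHA-1 suites that only those protocol versions need; unless legacy clients must be served, restrict it to `SSLProtocol -all +TLSv1.2` (adding `+TLSv1.3` where the httpd/OpenSSL build supports it) and trim the suite list to match. The `Strict-Transport-Security` header is left commented out, so a client's first plain-HTTP request is not pinned to HTTPS; enable it once every vhost that includes this template is HTTPS-only. `SSLEngine On` appears twice and the second occurrence can be dropped. The DHE suites rely on whatever DH parameters the installed httpd/OpenSSL provides, which this template does not set, so it is worth confirming they are at least 2048 bits on the target hosts.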