SSLEngine		On

SSLCertificateChainFile	/etc/apache2/sites/{{ git_server_name }}/ssl/chain.pem
SSLCertificateFile	/etc/apache2/sites/{{ git_server_name }}/ssl/cert.pem
SSLCertificateKeyFile	/etc/apache2/sites/{{ git_server_name }}/ssl/key.pem

SSLEngine On
SSLHonorCipherOrder on
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLCompression off

#Header always set Strict-Transport-Security "max-age=15984000"

SSLOptions		StdEnvVars

BrowserMatch "MSIE [2-6]" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown