|
@@ -2,13 +2,14 @@ SSLEngine on
|
2
|
2
|
SSLProtocol ALL -SSLv2 -SSLv3
|
3
|
3
|
SSLHonorCipherOrder On
|
4
|
4
|
SSLCompression off
|
5
|
|
-{% if ansible_distribution_release != 'wheezy' %}
|
6
|
|
- SSLUseStapling On
|
7
|
|
- SSLStaplingResponderTimeout 5
|
8
|
|
- SSLStaplingReturnResponderErrors off
|
9
|
|
-{% endif %}
|
|
5
|
+SSLUseStapling On
|
|
6
|
+SSLStaplingResponderTimeout 5
|
|
7
|
+SSLStaplingReturnResponderErrors off
|
|
8
|
+
|
10
|
9
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
|
10
|
+
|
11
|
11
|
SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt
|
12
|
12
|
SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key
|
13
|
13
|
SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem
|
|
14
|
+
|
14
|
15
|
Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
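Review bot: The now-unconditional `SSLUseStapling On` block (new lines 5–7) depends on an `SSLStaplingCache` defined at server scope, and none is visible in this hunk. mod_ssl treats that cache as mandatory for OCSP stapling, so confirm the role sets it outside the `<VirtualHost>`; the rest of the template is outside the hunk and may already do so. Dropping the `{% if ansible_distribution_release != 'wheezy' %}` guard also renders these directives on every host, and the guard was presumably there because that release's Apache does not recognise them, so check that no such host remains in the inventory before this is deployed. I would add a comment above the block such as `# OCSP stapling: needs SSLStaplingCache at server scope, e.g. SSLStaplingCache shmcb:<path>(<size>)`, where the path and size are placeholders to fill in.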
|