ServerName example.com
DocumentRoot /data/www/example.com/www
ServerAdmin admin@example.com

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
# Prefer PFS, allow TLS, avoid SSL, for IE8 on XP still allow 3DES
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+AESGCM EECDH EDH+AESGCM EDH+aRSA HIGH !MEDIUM !LOW !aNULL !eNULL !LOW !RC4 !MD5 !EXP !PSK !SRP !DSS"
SSLCompression Off

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# Header always set X-Frame-Options SAMEORIGIN
Header always set X-Frame-Options DENY

SSLCertificateFile /etc/pki/tls/certs/example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
SSLCACertificateFile /etc/pki/tls/certs/example.com.pem

ErrorLog logs/example.com-error_log
CustomLog logs/example.com-access_log common

AllowOverride All
Require all granted
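
Added example, not part of the original configuration: a small Python check that parses this vhost's TLS and HSTS directives and reports what they leave enabled. It shows that `SSLProtocol All -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1. The expansion of `All` is an assumption (it depends on the Apache and OpenSSL build), and the function names are illustrative.

```python
import re
import shlex

# Assumed expansion of "All"; the real set depends on the Apache/OpenSSL build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: directives copied from the vhost above.
SAMPLE = """\
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# Header always set X-Frame-Options SAMEORIGIN
Header always set X-Frame-Options DENY
"""

def directives(text):
    """Yield (name, args) per directive, skipping comments and <Section> tags."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#<":
            name, *args = shlex.split(line)
            yield name.lower(), args

def enabled_protocols(tokens):
    """Apply mod_ssl's rule: a bare token replaces the set, + adds, - removes."""
    enabled = set()
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        members = set(ALL) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= members
        elif sign == "+":
            enabled |= members
        else:
            enabled = members
    return enabled

def audit(text):
    """Return a list of findings for the TLS and HSTS directives."""
    findings, hsts = [], None
    for name, args in directives(text):
        if name == "sslprotocol":
            legacy = sorted(enabled_protocols(args) & LEGACY)
            if legacy:
                findings.append("legacy protocols enabled: " + ", ".join(legacy))
        elif name == "sslcompression" and args[0].lower() != "off":
            findings.append("TLS compression enabled")
        elif name == "header" and "strict-transport-security" in (a.lower() for a in args):
            hsts = args[-1]
    m = re.search(r"max-age=(\d+)", hsts or "")
    if not m or int(m.group(1)) == 0:
        findings.append("HSTS missing or max-age is zero")
    return findings
```

Running `audit(SAMPLE)` flags only the legacy protocol versions; replacing the protocol line with `SSLProtocol -all +TLSv1.2 +TLSv1.3` clears the finding, at the cost of the IE8-on-XP compatibility the cipher comment mentions.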