Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Minimal options-ssl-apache.conf for /etc/letsencrypt/options-ssl-apache.conf
# Configuration for best compatibility
SSLProtocol +TLSv1.2
# Disable server-side preference if you don't offer any legacy cipher suites
SSLHonorCipherOrder off
# Disable TLS compression
SSLCompression off
# Disable TLS session tickets
SSLSessionTickets off
# Set curves to prime256v1 and secp384r1
# (X25519 isn't supported in this Apache version)
# (secp521r1 doesn't offer much more security)
SSLOpenSSLConfCmd Curves prime256v1:secp384r1
SSLOpenSSLConfCmd ECDHParameters secp384r1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment