Minimal options-ssl-apache.conf for /etc/letsencrypt/options-ssl-apache.conf
# Configuration for best compatibility
SSLProtocol +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
# Disable server-side preference if you don't offer any legacy cipher suites
SSLHonorCipherOrder off
# Disable TLS compression
SSLCompression off
# Disable TLS session tickets
SSLSessionTickets off
# Set curves to prime256v1 and secp384r1
# (X25519 isn't supported in this Apache version)
# (secp521r1 doesn't offer much more security)
SSLOpenSSLConfCmd Curves prime256v1:secp384r1
SSLOpenSSLConfCmd ECDHParameters secp384r1
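
The comment on `SSLHonorCipherOrder off` only holds while every offered suite is a modern one. The following audit is an added example, not part of the original gist: it checks that condition together with the compression and session-ticket settings. The function names and `WEAK_CONF` are constructed for illustration, and it assumes explicit suite names as used above, not OpenSSL keywords such as `HIGH`.

```python
import re

# OpenSSL suite names ending in an AEAD construction; CBC, RC4 and 3DES names do not match.
AEAD = re.compile(r"(GCM-SHA\d+|CHACHA20-POLY1305)$")

# The directives from the configuration above that this audit reads.
PAGE_CONF = """
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets off
"""
# Constructed weak configuration for contrast (not from the page).
WEAK_CONF = """
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA
SSLHonorCipherOrder off
SSLCompression on
"""

def parse(conf):
    """Map each lower-cased directive to its argument string (simplification: last one wins)."""
    directives = {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return directives

def legacy_suites(conf):
    """Return offered suites that are not ECDHE key exchange with an AEAD cipher."""
    args = parse(conf).get("sslciphersuite", "").split()
    names = args[-1].split(":") if args else []  # last token skips an optional protocol argument
    return [s for s in names
            if s and not s.startswith("!") and not (s.startswith("ECDHE-") and AEAD.search(s))]

def audit(conf):
    """Return findings; unset directives fall back to the Apache 2.4 defaults."""
    d, findings, legacy = parse(conf), [], legacy_suites(conf)
    if legacy and d.get("sslhonorcipherorder", "off").lower() == "off":
        findings.append("client picks the suite but legacy suites are offered: " + ", ".join(legacy))
    if d.get("sslcompression", "off").lower() != "off":
        findings.append("TLS compression is enabled")
    if d.get("sslsessiontickets", "on").lower() != "off":
        findings.append("TLS session tickets are enabled")
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        print(label, audit(conf) or "no findings")
```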