Enable HSTS for all apache served SSL sites
[chef.git] / cookbooks / apache / templates / default / ssl.erb
1 # DO NOT EDIT - This file is being maintained by Chef
2
3 SSLProtocol All -SSLv2 -SSLv3
4
5 SSLHonorCipherOrder On
6 SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
7
8 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
9 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
10 SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
11
12 <% if node[:lsb][:release].to_f >= 14.04 -%>
13 SSLUseStapling On
14 SSLStaplingResponderTimeout 5
15 SSLStaplingReturnResponderErrors off
16 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
17
18 Header setifempty Strict-Transport-Security max-age=86400 env=HTTPS
19 <% else -%>
20 Header set Strict-Transport-Security max-age=86400 env=HTTPS
21 <% end -%>