diff options
author | Jonas Smedegaard <dr@jones.dk> | 2020-10-17 22:25:08 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2020-10-17 22:25:08 +0200 |
commit | 075bb6a63e17bbc6df91b664c78388886a4bddaa (patch) | |
tree | 9b0bff53aa47fd64a99ce2c1c44f6a8a625ac87a /apache2/conf.d | |
parent | 8d7a538d35781331d38c10393d589e3357cb4500 (diff) |
modernize mods snippet gnutls; drop outdated conf.d snippet local-gnutls
Diffstat (limited to 'apache2/conf.d')
-rw-r--r-- | apache2/conf.d/local-gnutls.conf | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/apache2/conf.d/local-gnutls.conf b/apache2/conf.d/local-gnutls.conf deleted file mode 100644 index d09a06b..0000000 --- a/apache2/conf.d/local-gnutls.conf +++ /dev/null @@ -1,16 +0,0 @@ -GnuTLSEnable on - -# based on <https://blog.joelj.org/ecdsa-certificates-with-apache-2-4-lets-encrypt/> -# * only strong EC crypto suites supporting Perfect Forward Secrecy -# * supported by all SNI-capable browsers -# Options: -# * drop %SAFE_RENEGOTIATION for Safari 5.1.9 / OS X 10.6.8 support -# * add 3DES-CBS after AES-128-CBC for Android 2.3.7 support on non-SNI hosts -# * add CHACHA20-POLY1305 after ECDHE-ECDSA with libgnutls >= 3.4.0 -GnuTLSPriorities NONE:+ECDHE-ECDSA:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+AEAD:+SHA384:+SHA256:+SHA1:+CTYPE-X509:+VERS-TLS-ALL:-VERS-SSL3.0:+COMP-NULL:+CURVE-SECP384R1:+SIGN-ECDSA-SHA512:+SIGN-ECDSA-SHA384:+SIGN-ECDSA-SHA256:+SIGN-ECDSA-SHA224:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION - -GnuTLSCertificateFile /etc/ssl/certs/apache2+cacert.org.pem -GnuTLSKeyFile /etc/ssl/private/apache2.pem - -# HSTS: http://www.debian-administration.org/articles/662 -Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" |