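# mod_gnutls module-wide settings: TLS session cache, protocol/cipher
# priorities and OCSP stapling.
#
# NOTE(review): Apache only treats '#' as a comment marker at the start of a
# line, so every directive must sit on its own line. If the whole file is
# collapsed onto a single line beginning with '#', none of the settings below
# take effect.

# Use an SHMCB backed session cache unless you have special needs.
# (The dbm backend has known memory leaks and should not be used).
# APACHE_RUN_DIR must be defined in the server's environment, otherwise the
# cache path does not resolve.
GnuTLSCache shmcb:${APACHE_RUN_DIR}/gnutls_cache(65536)

# An alternative is to use a memcached server to store SSL sessions.
# This is useful in a cluster environment,
# where you want all your servers to share a single SSL session cache.
# NOTE(review): cached session state is sensitive. Only point this at
# memcached instances on a trusted, access-controlled network; anyone who can
# read or write the cache may be able to interfere with resumed sessions.
#GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"

# Require Perfect Forward Secrecy and recent TLS protocol versions.
# This should be supported by all SNI-capable browsers.
# You can validate the result with an external TLS configuration scanner
# (the URL given here is missing from this copy of the file).
#
# Reading the priority string left to right:
#   PFS                 start from the forward-secret cipher suite set
#   -VERS-ALL           drop every protocol version ...
#   +VERS-TLS1.3        ... then allow only TLS 1.3
#   +VERS-TLS1.2        ... and TLS 1.2
#   %SERVER_PRECEDENCE  prefer the server's cipher order over the client's
GnuTLSPriorities PFS:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%SERVER_PRECEDENCE

# OCSP stapling is explicitly disabled. With stapling off the server does not
# attach a revocation status to the handshake, so clients must query the CA's
# OCSP responder themselves or skip the check.
# NOTE(review): confirm this is intentional (for example, certificates from an
# internal CA with no OCSP responder). Certificates that carry the
# "must-staple" extension will be rejected by conforming clients while this
# is off.
GnuTLSOCSPStapling off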