<VirtualHost _default_:443>

	#ServerName www.example.com:443
	ServerAdmin webmaster@localhost

	DocumentRoot "/srv/www/apache"
	<Directory "/srv/www/apache">
		Options Indexes FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/002-default-ssl.error.log
	CustomLog ${APACHE_LOG_DIR}/002-default-ssl.access.log combined

	<IfModule http2_module>
		Protocols h2 http/1.1
	</IfModule>

	SSLEngine on
	SSLCertificateFile "/etc/apache/server.crt"
	SSLCertificateKeyFile "/etc/apache/server.key"
	#SSLCertificateChainFile "/etc/apache/server-ca.crt"

	#SSLProtocol		All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	SSLProtocol		All -SSLv2 -SSLv3
	SSLCipherSuite		EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
	SSLHonorCipherOrder	On

	SSLCompression		off 
	SSLUseStapling		on 
	
	SSLStaplingCache	"shmcb:logs/stapling-cache(150000)" 
	# Requires Apache >= 2.4.11
	SSLSessionTickets	Off
            
	#Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	#Header always set X-Frame-Options DENY
	#Header always set X-Content-Type-Options nosniff

	<FilesMatch "\.(cgi|shtml|phtml|php)$">
	    SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory "/srv/www/apache/cgi-bin">
	    SSLOptions +StdEnvVars
	</Directory>

	BrowserMatch "MSIE [2-5]" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0

	CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_request.log ssl_info
	CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_browser.log ssl_info_browser

</VirtualHost>                                  

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet