isagasti · March 29, 2019 11:04
diff --git a/ssl.conf b/ssl.conf
 # OS: Debian 7, Apache 2.2.22, OpenSSL 1.0.1e
 # SSL Labs: A+ (RSA2048, SHA256 certificate)
 # Certificate: 100%
 # Protocol Support: 95%
 # Key Exchange: 90%
 # Cipher Strength: 90%

 # Disable SSL protocol, only TLS.
 SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" 

 # HSTS enable. No activamos SubDomains para evitar posibles errores de configuración sobre el dominio principal.
 # This gives + to A.
 Header always set Strict-Transport-Security "max-age=31536000"
	# OS: Debian 7, Apache 2.2.22, OpenSSL 1.0.1e
	# SSL Labs: A+ (RSA2048, SHA256 certificate)
	# Certificate: 100%
	# Protocol Support: 95%
	# Key Exchange: 90%
	# Cipher Strength: 90%

	# Disable SSL protocol, only TLS.
	SSLProtocol all -SSLv2 -SSLv3
	SSLHonorCipherOrder on
	SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"

	# HSTS enable. No activamos SubDomains para evitar posibles errores de configuración sobre el dominio principal.
	# This gives + to A.
	Header always set Strict-Transport-Security "max-age=31536000"