2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
8 # Enable/Disable SSL for this virtual host.
11 # SSL Protocol support:
12 # List the protocol versions which clients are allowed to
13 # connect with. Disable SSLv2 by default (cf. RFC 6176).
14 SSLProtocol all -SSLv2
17 # Some MIME-types for downloading Certificates and CRLs
19 AddType application/x-x509-ca-cert .crt
20 AddType application/x-pkcs7-crl .crl
23 # List the ciphers that the client is permitted to negotiate.
24 # See the mod_ssl documentation for a complete list.
25 SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
26 SSLHonorCipherOrder on
29 Header add Strict-Transport-Security "max-age=604800"