diff options
author | mh <mh@immerda.ch> | 2011-02-22 22:59:51 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2011-02-22 22:59:51 +0100 |
commit | a371c169c45dbd14ad3c465f8b7314b14c4ed8cb (patch) | |
tree | c83e0e002cbe0e32193042552af2548d0ba81439 /files | |
parent | f14fd057987b5489228a40444c3a101768c5b6bb (diff) |
add STS header in default ssl config
Diffstat (limited to 'files')
-rw-r--r-- | files/include.d/CentOS/ssl_defaults.inc | 3 | ||||
-rw-r--r-- | files/include.d/Debian/ssl_defaults.inc | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc index b57cbb9..c1ef0be 100644 --- a/files/include.d/CentOS/ssl_defaults.inc +++ b/files/include.d/CentOS/ssl_defaults.inc @@ -142,3 +142,6 @@ SetEnvIf User-Agent ".*MSIE.*" \ # compact non-error SSL logfile on a virtual host basis. CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +# set STS Header +Header add Strict-Transport-Security "max-age=15768000" diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc index 949fe58..d1ec68d 100644 --- a/files/include.d/Debian/ssl_defaults.inc +++ b/files/include.d/Debian/ssl_defaults.inc @@ -1,3 +1,6 @@ SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH SSLHonorCipherOrder on + +# set STS Header +Header add Strict-Transport-Security "max-age=15768000" |