Diffstat (limited to 'files/include.d/CentOS/ssl_defaults.inc')
-rw-r--r--files/include.d/CentOS/ssl_defaults.inc20
1 files changed, 7 insertions, 13 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc
index 5cc663f..7735ebb 100644
--- a/files/include.d/CentOS/ssl_defaults.inc
+++ b/files/include.d/CentOS/ssl_defaults.inc
@@ -1,9 +1,3 @@
-# Use separate log files for the SSL virtual host; note that LogLevel
-# is not inherited from httpd.conf.
-ErrorLog logs/ssl_error_log
-TransferLog logs/ssl_access_log
-LogLevel warn
-
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
@@ -11,13 +5,16 @@ SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
-SSLProtocol all -SSLv2
+#SSLProtocol all -SSLv2
+SSLProtocol -all +SSLv3 +TLSv1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+SSLHonorCipherOrder on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
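Review bot: The new `SSLProtocol -all +SSLv3 +TLSv1` is a fixed allowlist that keeps SSLv3 enabled and, on any httpd/OpenSSL build that supports TLS 1.1 or 1.2, switches those newer versions off, which the old `all -SSLv2` form would not have done. A subtractive form such as `SSLProtocol all -SSLv2 -SSLv3` drops the legacy protocols and still picks up newer TLS versions when the packages are upgraded. In the cipher line, `MEDIUM` with only `!MD5` excluded likely still admits RC4 with SHA-1 on typical OpenSSL builds, so check the result with `openssl ciphers -v` against the deployed library. The comment above the directive ("Disable SSLv2 access by default") no longer describes what the line does and should be updated, and the commented-out old directives could be dropped since version control keeps them.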
@@ -134,8 +131,5 @@ SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+# set STS Header
+Header add Strict-Transport-Security "max-age=15768000"
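Review bot: `Header add` on the last line appends instead of replacing, so a backend or another include that also emits Strict-Transport-Security produces duplicate headers, and without the `always` condition the header is left off error responses that httpd generates itself; `Header always set Strict-Transport-Security "max-age=15768000"` covers both cases. The directive needs mod_headers to be loaded, which is not visible in this include. The same hunk removes the `ssl_request_log` CustomLog, the only place in this file that recorded `%{SSL_PROTOCOL}x` and `%{SSL_CIPHER}x` per request. That record shows which clients still negotiate SSLv3 or MEDIUM ciphers, so it is worth keeping those fields in whatever log format replaces it.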