moz://sebuah Generator Konfigurasi SSL

# generated 2025-04-15, Mozilla Guideline v5.7, Apache 2.4.60, OpenSSL 3.4.0, old config

# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=old&openssl=3.4.0&guideline=5.7

# this configuration requires mod_ssl, mod_rewrite, mod_headers, and mod_socache_shmcb

<VirtualHost *:80>

RewriteEngine On

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/

RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]

</VirtualHost>

<VirtualHost *:443>

SSLEngine on

# openssl dhparam 1024 >> /path/to/signed_cert_and_intermediate_certs_and_dhparams

SSLCertificateFile /path/to/signed_cert_and_intermediate_certs_and_dhparams

SSLCertificateKeyFile /path/to/private_key

# enable HTTP/2, if available

Protocols h2 http/1.1

# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)

Header always set Strict-Transport-Security "max-age=63072000"

</VirtualHost>

# old configuration

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3

SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1

SSLCipherSuite @SECLEVEL=0:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA

SSLHonorCipherOrder on

SSLSessionTickets off

SSLUseStapling On

SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"