HSTS & OCSP
apache 2.4.60, intermediate config, OpenSSL 3.4.0
支持 Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, Safari 9
# generated 2025-07-22, Mozilla Guideline v5.6, Apache 2.4.60, OpenSSL 3.4.0, intermediate configuration
# https://app.certbase.com/certhub/tools/ssl-config#server=apache&version=2.4.60&config=intermediate&openssl=3.4.0&guideline=5.6
# this configuration requires mod_ssl, mod_socache_shmcb and mod_socache_shmcb
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
# curl https://app.certbase.com/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
SSLCertificateFile /path/to/signed_cert_and_intermediate_certs_and_dhparams
SSLCertificateKeyFile /path/to/private_key
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) ({{output.hstsMaxAge}} seconds)
Header always set Strict-Transport-Security "max-age={{output.hstsMaxAge}}"
</VirtualHost>
# intermediate configuration
SSLProtocol all -SSLv3
-TLSv1
-TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"