# mod_gnutls default options. See /etc/apache2/sites-available/default-tls.conf ServerAdmin webmaster@localhost ServerName $domain DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined GnuTLSEnable On # Automatically obtained certificates from Let's Encrypt GnuTLSCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem GnuTLSKeyFile /etc/letsencrypt/live/$domain/privkey.pem # See http://www.outoforder.cc/projects/httpd/mod_gnutls/docs/#GnuTLSPriorities GnuTLSPriorities NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 # mod_ssl default options. See /etc/apache2/sites-available/default-ssl.conf ServerAdmin webmaster@localhost ServerName $domain DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on # Disable TLS1.1 and below. Client support: Firefox: 27, Android: # 4.4.2, Chrome: 31, Edge: 12, IE: 11 (Win7), Java: 8u31, OpenSSL: # 1.0.1, Opera: 20, Safari: 9. See: # https://wiki.mozilla.org/Security/Server_Side_TLS SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Automatically obtained certificates from Let's Encrypt SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem SSLOptions +StdEnvVars SSLOptions +StdEnvVars