From 4100550ca57282b76338ed3d16993189d7302037 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 23 Dec 2015 12:30:19 -0500
Subject: [PATCH] Merge branch 'master' into 'master'

---
 server/conf/vhost.conf.master             |   11 ++++++++++-
 install/tpl/apache_ispconfig.vhost.master |   18 ++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletions(-)

diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 3619e16..e7a2eaa 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -68,8 +68,26 @@
   <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
   <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:E$
+  <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+
+  <IfModule mod_headers.c>
+    Header always add Strict-Transport-Security "max-age=15768000"
+  </IfModule>
+
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+  <tmpl_var name="ssl_comment">SSLUseStapling on
+  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors off
+</tmpl_if>
 </VirtualHost>
 
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<IfModule mod_ssl.c>
+  <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
+
 <Directory /var/www/php-cgi-scripts>
     AllowOverride None
 	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index ab8430d..03b1ed0 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -448,6 +448,15 @@
 <tmpl_var name='apache_directives'>
 <tmpl_hook name='apache2_vhost:vhost_footer'>
 </VirtualHost>
+
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<tmpl_if name='ssl_enabled'>
+<IfModule mod_ssl.c>
+        SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
+</tmpl_if>
+
 </tmpl_loop>
 
-<tmpl_hook name='apache2_vhost:footer'>
\ No newline at end of file
+<tmpl_hook name='apache2_vhost:footer'>

--
Gitblit v1.9.1