Based on recommedation from https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
Signed-off-by: Michael Peters <mrpeters@library.in.gov>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
ServerName localhost:443
ServerAlias 127.0.0.1:443
SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLHonorCipherOrder On
+ SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
# If you don't have an SSL cert, you can create self-signed
# certificate and key with: