SSL configuration for Apache web server

I have been tweaking the configuration on a few client servers to improve security. For a virtual host on Apache 2 I suggest the following configuration:

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
SSLEngine on
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     on
SSLSessionTickets       off
SSLOptions +StrictRequire
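
To check a vhost fragment like the one above before reloading Apache, here is an added Python example (not from the post) that resolves the SSLProtocol arithmetic the way mod_ssl does and flags the usual weak settings; it assumes a TLS 1.3-capable OpenSSL build (so that "all" includes TLSv1.3) and a flat fragment without nested sections.

```python
import re

# Protocols that mod_ssl's "all" expands to on a TLS 1.3-capable OpenSSL build (assumption).
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = {"RC4", "DES", "3DES", "MD5", "NULL", "aNULL", "eNULL", "EXP", "LOW"}

def enabled_protocols(spec: str) -> set:
    """Resolve SSLProtocol as mod_ssl does: '+X' adds, '-X' removes, a bare name replaces the set so far."""
    enabled = set()
    for tok in spec.split():
        action, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - names if action == "-" else enabled | names if action == "+" else set(names)
    return enabled

def audit(config: str) -> list:
    """Return findings for the TLS-relevant directives of one flat Apache vhost fragment."""
    lines = [s for s in map(str.strip, config.splitlines()) if s and not s.startswith("#")]
    pairs = [(s.split(None, 1) + [""])[:2] for s in lines]           # (directive, value)
    last = {n.lower(): v for n, v in pairs}                          # later directive wins, as in Apache
    findings = []
    protos = enabled_protocols(last.get("sslprotocol", "all -SSLv3"))  # httpd 2.4 default
    if protos & WEAK_PROTOCOLS:
        findings.append("obsolete protocols enabled: " + ", ".join(sorted(protos & WEAK_PROTOCOLS)))
    ciphers = last.get("sslciphersuite", "")
    for suite in ciphers.split(":"):                                 # "!X"/"-X" entries remove suites
        if suite and suite[0] not in "!-" and set(re.split(r"[-+]", suite)) & WEAK_CIPHER_TOKENS:
            findings.append("weak cipher entry: " + suite)
    if protos == {"TLSv1.3"} and ciphers and not ciphers.startswith("TLSv1.3"):
        findings.append("note: only TLS 1.3 is enabled, so this TLS <= 1.2 cipher list is never used")
    if protos - {"TLSv1.3"} and last.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append("SSLHonorCipherOrder is off: the client chooses the cipher for TLS <= 1.2")
    if last.get("sslsessiontickets", "on").lower() == "on":
        findings.append("SSLSessionTickets is on: the ticket key is only regenerated at restart")
    if not any(n.lower() == "header" and "strict-transport-security" in v.lower() for n, v in pairs):
        findings.append("no Strict-Transport-Security header set")
    return findings

# The vhost fragment from the post, verbatim, and a constructed weaker one (not from the post).
POST_VHOST = """
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
SSLEngine on
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     on
SSLSessionTickets       off
SSLOptions +StrictRequire
"""
WEAK_VHOST = "SSLEngine on\nSSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:RC4-SHA:!aNULL\n"
```

Running `audit(POST_VHOST)` returns only the note that, with TLS 1.3 alone enabled, the TLS 1.2 cipher list is inert (and that clients without TLS 1.3 cannot connect), while `audit(WEAK_VHOST)` lists five findings.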

If you collect personal or other sensitive information, using DNSSEC is highly recommended. Nordea, one of the largest banks in Scandinavia, does not use DNSSEC and receives a security score of only 37% on DK Hostmaster’s testing tool. With very little effort one can get a score of 100%. Is it worth it? – I think yes!

For testing your configuration I suggest a few handy tools: