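# TLS settings for Apache httpd (mod_ssl).
# Layout matters here: httpd reads one directive per line, recognises "#" as a
# comment only at the start of a line, and continues a directive only when "\"
# is the very last character on the line (no trailing whitespace).

# NOTE(review): "all -SSLv2 -SSLv3" still leaves TLSv1 and TLSv1.1 enabled.
# Both are deprecated (RFC 8996). Where the client base allows, prefer:
#   SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol all -SSLv2 -SSLv3

# The server's preference picks the suite, so the order of the list below is
# significant: ECDHE/DHE with AES-GCM first, legacy fallbacks last.
SSLHonorCipherOrder On

# NOTE(review): the tail of this list exists only for legacy clients.
#  - *-DES-CBC3-SHA suites are 3DES, a 64-bit block cipher exposed to
#    Sweet32-style birthday attacks on long-lived connections.
#  - Suites without an ECDHE/DHE/EDH prefix (AES128-GCM-SHA256 through
#    DES-CBC3-SHA) use static RSA key exchange and give no forward secrecy.
#  - The remaining *-SHA suites are CBC-mode with HMAC-SHA1.
# Remove these once no supported client depends on them. The DHE-RSA suites are
# only as strong as the DH group httpd serves; confirm it is at least 2048 bits
# for the httpd/OpenSSL build in use.
SSLCipherSuite "ECDHE-ECDSA-AES128-GCM-SHA256 \
    ECDHE-ECDSA-AES256-GCM-SHA384 \
    ECDHE-RSA-AES128-GCM-SHA256 \
    ECDHE-RSA-AES256-GCM-SHA384 \
    DHE-RSA-AES128-GCM-SHA256 \
    DHE-RSA-AES256-GCM-SHA384 \
    ECDHE-ECDSA-AES128-SHA \
    ECDHE-ECDSA-AES256-SHA \
    ECDHE-ECDSA-DES-CBC3-SHA \
    ECDHE-RSA-AES128-SHA \
    ECDHE-RSA-AES256-SHA \
    ECDHE-RSA-DES-CBC3-SHA \
    DHE-RSA-AES128-SHA \
    DHE-RSA-AES256-SHA \
    EDH-RSA-DES-CBC3-SHA \
    AES128-GCM-SHA256 \
    AES256-GCM-SHA384 \
    AES128-SHA \
    AES256-SHA \
    DES-CBC3-SHA"

# Only with Apache 2.2.24+ and Apache 2.4.3+
# TLS-level compression stays off: compressing secrets together with
# attacker-influenced data leaks them through record sizes (CRIME).
SSLCompression Off

# Shared-memory session cache. /path/to is a placeholder; the directive belongs
# in the server-wide configuration, not inside a <VirtualHost>.
# NOTE(review): a 3600 s timeout keeps resumable session state in memory for an
# hour; shorten it to narrow the window in which cached session keys matter.
# Session tickets are a separate resumption mechanism not governed by this
# timeout (see SSLSessionTickets, httpd 2.4.11+).
SSLSessionCache shmcb:/path/to/ssl_scache(1024000)
SSLSessionCacheTimeout 3600

# Only with Apache 2.4.x
# OCSP stapling. SSLStaplingCache is also server-wide, and the server needs
# outbound access to the CA's OCSP responder; check the error log for stapling
# failures after enabling.
SSLUseStapling On
SSLStaplingCache shmcb:/path/to/stapling_cache(128000)

# HSTS policies are persistent; learn more about HSTS
# before enabling the following rule for best security.
# Requires mod_headers. With includeSubDomains, every subdomain of this host
# must serve valid HTTPS for the whole max-age (31536000 s = 1 year), because
# browsers that have seen the header will refuse plain HTTP until it expires.
#Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"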