<VirtualHost <ip-addresss>:443>

   ...

   SSLEngine on

   ## - don't support weak ciphers
   SSLHonorCipherOrder On
   SSLCompression Off
   #SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1
   SSLProxyProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
   SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256 


   ## - HTTP Strict Transport Security (HSTS)
   ## -
   ## - HSTS tells a browser that the website should only be accessed through
   ## - a secure connection. The HSTS header will be remembered by a standard
   ## - compliant browser for max-age seconds.
   ## - 
   ## - An important point is that HSTS only works after the user has received the
   ## - header via HTTPS. So you will still need to have a redirect from your
   ## - HTTP-site to HTTPS, also for supporting browsers that still do not understand
   ## - HSTS.
   ## - 
   ## - This is easily accomplished using Apache’s mod_rewrite:
   ## - 
   ## - <IfModule mod_rewrite.c>
   ## -   RewriteEngine On
   ## -   RewriteCond %{HTTPS} off
   ## -   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
   ## - </IfModule>
   ## - 
   ## - Thus, with a few lines of configuration, you can make the web a safer place to
   ## - be for your users. So, what are you waiting for?
   ## -
   ## - Remember this settings for 1/2 year
   ## -
   Header add Strict-Transport-Security "max-age=15768000"

   ...

</VirtualHost>
