SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS <%- if @wildcard_sslcert == 'true' then -%> SSLCertificateFile /etc/ssl/wildcard.<%= @domain %>.crt SSLCertificateKeyFile /etc/ssl/wildcard.<%= @domain %>.key SSLCACertificateFile /etc/ssl/wildcard.<%= @domain %>.pem SSLVerifyClient None <%- else -%> SSLCertificateFile /etc/ssl/apache/<%= @real_vhost %>.pem SSLCertificateKeyFile /etc/ssl/apache/<%= @real_vhost %>.pem <%- end -%>