On Sat, Jan 14, 2017 at 10:43 AM, Dirk-Willem van Gulik <di...@webweaving.org> wrote: > > Where this implies SSLEnable, a set of sane/best-practice. ‘A+’, set of > baseline SSL directives w.r.t. OSCP stapling and so on. And absolutely no > further SSL statements in your vhost. And it implies that port 80 forwards > to https. Perhaps disallow any port/listen stuff ? > > If you need SSL statements — then you are out of scope ? Is that fair ?
I think if a feature/directive will turn on something that will write to configured keystores, it really shouldn't do or dictate much else. -- Eric Covener cove...@gmail.com