Hello!

I have some questions that I can't find answers to by myself, even after reading the cookbook and a lot of web pages. To be honest, I'm not really sure it's a problem, but I need to verify.

OK. I am setting up a web server to host a critical Java application. There is Apache in front of Tomcat, and I want to enforce connections over HTTPS only, with the higher ciphers from TLS 1.2. Is it a good way?

Here is part of the Apache settings:

ssl.conf: <http://paste.opensuse.org/03eefb03>
the vhost file: <http://paste.opensuse.org/972e254d>

The public part works well, no problem. For the moment (testing), I use an auto-signed certificate. Of course, I will use a "real" CA-signed EV certificate in production.

Well, I've done some tests. Here is part of some nmap and testssl.sh results: <http://paste.opensuse.org/43377128>

Is everything OK, or do I need to change something? Could you give some advice to make it safer, please? I really want to be closer to the state of the art and understand it.

One last thing: please accept my apologies... I haven't spoken English for many, many years.

Best regards,

-- benoist