# Per-name TLS settings for one SNI host, served through mod_nss.
# The SNINAME, SERVER_ROOT and SNINUM tokens look like template placeholders
# that are substituted before Apache reads this file -- confirm against the
# generator.
ServerName $SNINAME
DocumentRoot $SERVER_ROOT/sni$SNINUM

# Turn on the NSS TLS engine for this host.
NSSEngine on
# FIPS mode is disabled.
NSSFIPS off
# OCSP revocation checking is disabled. No client certificate is requested
# below, so there is no client chain to check here.
NSSOCSP off
# Renegotiation is allowed.
# NOTE(review): NSSRequireSafeNegotiation is not set in this fragment; confirm
# whether RFC 5746 secure renegotiation is enforced elsewhere before reusing
# these settings.
NSSRenegotiation on

# Only these three suites are enabled. As named, all three appear to be
# RSA key-exchange suites (two AES-CBC with SHA-256, one AES-128-GCM), so none
# provides forward secrecy -- verify against the mod_nss cipher table.
NSSCipherSuite +aes_128_sha_256,+aes_256_sha_256,+rsa_aes_128_gcm_sha_256
# Restrict the protocol to TLS 1.2.
NSSProtocol TLSv1.2

# Nickname of the server certificate to present for this name; it must match
# an entry in the NSS database.
NSSNickname Server-Cert-$SNINAME
# Do not request a client certificate.
NSSVerifyClient none

# Request-time check that the negotiated protocol is TLS 1.2. A bit redundant,
# since NSSProtocol above should already make the initial handshake fail
# without TLS 1.2.
NSSRequire %{SSL_PROTOCOL} eq "TLSv1.2"
# Export the standard SSL environment variables, the legacy-compatible ones,
# and certificate data to the request environment.
# NOTE(review): ExportCertData places certificate contents in the environment
# of every request handled here; confirm the content served under this
# DocumentRoot actually needs it.
NSSOptions +ExportCertData +CompatEnvVars +StdEnvVars