ServerName $SNINAME
DocumentRoot $SERVER_ROOT/sni$SNINUM
NSSEngine on
NSSFIPS off
NSSOCSP off
NSSRenegotiation on
NSSCipherSuite +aes_128_sha_256,+aes_256_sha_256,+rsa_aes_128_gcm_sha_256
NSSProtocol TLSv1.2
NSSNickname Server-Cert-$SNINAME
NSSVerifyClient none
# A bit redundant since the initial handshake should fail if no TLSv1.2
NSSRequire %{SSL_PROTOCOL} eq "TLSv1.2"
NSSOptions +ExportCertData +CompatEnvVars +StdEnvVars