Securing Apache against SSL attacks

Apache is one of the most secure pieces of software out there, but its SSL module is not very restrictively configured by default. Many of you know that SSLv3 is now considered insecure, and so are RC4 and other algorithms. Here are two lines which raised the server's grade from "F" to "A" in SSL testing and helped prevent several SSL attacks such as Heartbleed, POODLE and, recently, FREAK.

These lines need to be put into your ssl.conf AND into any other vhost directive if Apache supports SNI:

Here is an older list (before 2018):

SSLProtocol TLSv1.2 +TLSv1.1 +TLSv1
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256

Here is a simpler and more up-to-date list with config options (2018):

SSLProtocol TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On
SSLCompression Off
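
An added example (not from the original post): a small Python audit that walks each VirtualHost block of a config and reports where it falls short of the 2018 lines above, including old protocols, RC4, suite names run together without a ':' and invisible characters picked up when pasting from a web page. The sample config, host names and function names are constructed for illustration. It assumes mod_ssl reads SSLProtocol tokens left to right (a bare name replaces the set, + adds, - removes) and checks every vhost on its own, without modelling inheritance from the global config.

```python
import re
# Constructed sample, not from the page: vhost b has old protocols, RC4, a missing ':' and a U+200B.
SAMPLE_CONF = """\
<VirtualHost *:443>
ServerName a.example.test
SSLProtocol TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On
SSLCompression Off
</VirtualHost>
<VirtualHost *:443>
ServerName b.example.test
SSLProtocol TLSv1.2 +TLSv1.1 +TLSv1
SSLCipherSuite ECDHE-RSA-AES128-SHA256DHE-RSA-AES256-GCM-SHA384:RC4-SHA
\u200bSSLCompression Off
</VirtualHost>
"""
REQUIRED = ("sslprotocol", "sslciphersuite", "sslhonorcipherorder", "sslcompression")
OLD = {"sslv3", "tlsv1", "tlsv1.1"}            # everything below TLSv1.2
INVISIBLE = re.compile("[\u200b\u200c\u200d\ufeff\u00a0]")
GLUED = re.compile(r"SHA(256|384)?[A-Z]")       # two suite names with no ':' between them
def enabled_protocols(tokens):
    """Assumed mod_ssl order of evaluation: NAME replaces the set, +NAME adds, -NAME removes."""
    on = set()
    for tok in (t.lower() for t in tokens):
        names = OLD | {"tlsv1.2"} if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        on = on - names if tok[0] == "-" else on | names if tok[0] == "+" else set(names)
    return on

def audit(conf_text):
    """Return {ServerName: [findings]} for each <VirtualHost> block."""
    report, name, seen, found = {}, "?", set(), []
    for raw in conf_text.splitlines():
        key, args = (raw.split() or [""])[0].lower(), raw.split()[1:]
        if key.startswith("<virtualhost"):
            name, seen, found = "?", set(), []
        elif key.startswith("</virtualhost"):
            report[name] = found + [f"missing {d}" for d in REQUIRED if d not in seen]
        elif INVISIBLE.search(raw):
            found.append("invisible character in line")
        elif key == "servername" and args:
            name = args[0]
        elif key == "sslprotocol":
            found += [f"enables {p}" for p in sorted(enabled_protocols(args) & OLD)]
        elif key == "sslciphersuite":
            suites = " ".join(args).split(":")
            found += [f"missing ':' in {s}" for s in suites if GLUED.search(s)]
            found += [f"allows {s}" for s in suites if "RC4" in s and s[0] not in "!-"]
        seen.add(key)
    return report
```

Call audit() on the text of ssl.conf and of each vhost file; an empty list for a vhost means it carries all four lines with nothing older than TLSv1.2 enabled.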

Removing SELinux file attributes

Another simple command to remove SELinux file attributes, which sometimes cause trouble with different servers:

find myfolder -exec setfattr -x security.selinux {} \;

Should there be errors about setfattr, install the attr package on CentOS.