diff --git a/INSTALL/apache.24.misp.ssl b/INSTALL/apache.24.misp.ssl
index c6134fcbb..dd5141b2d 100644
--- a/INSTALL/apache.24.misp.ssl
+++ b/INSTALL/apache.24.misp.ssl
@@ -27,8 +27,19 @@
 SSLEngine On
-# The line below disable unsecure Ciphers, might be enabled by default
-# SSLCipherSuite HIGH:!aNULL:!MD5
+
+# StrongCiphers4All! \o/
+# This proposal adds strong cipher suites based on the Mozilla recommendations.
+# mozilla config generator: https://ssl-config.mozilla.org/#server=apache&version=2.4.29&config=intermediate&openssl=1.1.1&guideline=5.6
+# intermediate configuration
+SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder off
+SSLSessionTickets off
+
+# enable HTTP/2, if available
+Protocols h2 http/1.1
+
 SSLCertificateFile /etc/ssl/private/misp.local.crt
 SSLCertificateKeyFile /etc/ssl/private/misp.local.key
 # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
@@ -51,3 +62,7 @@
 # Header always set Referrer-Policy "strict-origin-when-cross-origin"
 # Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
+
+# strongciphers4All! \o/
+SSLUseStapling On
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
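Review bot: `Protocols h2 http/1.1` is added in the first hunk without its prerequisites being documented: the `Protocols` directive exists only in Apache 2.4.17 and later (older httpd rejects it as an unknown directive and refuses to start), and mod_http2 negotiates h2 only under the event or worker MPM, so a mod_php/prefork deployment keeps serving HTTP/1.1. Suggest widening the comment to `# enable HTTP/2, if available (Apache >= 2.4.17 with mod_http2 and the event/worker MPM; not negotiated under prefork)`. The protocol and cipher lines match the Mozilla intermediate profile; since the generator URL pins `openssl=1.1.1`, it is worth noting in the comment that the CHACHA20-POLY1305 names require OpenSSL 1.1.0 or later (older builds skip unrecognised names rather than fail, so the list degrades gracefully). If these directives sit inside a `<VirtualHost>`, as the surrounding `SSLEngine`/`SSLCertificateFile` lines suggest, bear in mind that before Apache 2.4.42 `SSLProtocol` in a name-based vhost only takes effect for the default vhost of that IP:port; the enclosing block starts before this hunk.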
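Review bot: `SSLStaplingCache` in the second hunk is valid only in server-config context, so if this line lands inside the `<VirtualHost>` that the preceding `SSLEngine`/`SSLCertificateFile` directives imply, httpd fails to start with `SSLStaplingCache not allowed here`; it belongs outside the vhost (global SSL configuration), with only `SSLUseStapling On` kept here. Stapling also needs the issuer certificate: `SSLCertificateChainFile` is still commented out in the first hunk, so unless `misp.local.crt` bundles the intermediate (Apache 2.4.8 and later accept a chain in `SSLCertificateFile`), mod_ssl cannot initialise stapling for that certificate and logs an issuer-retrieval error at start-up. The `# strongciphers4All! \o/` header does not describe what follows; suggest `# OCSP stapling (Mozilla intermediate profile); SSLStaplingCache must be set at server level, not per vhost`. The enclosing block starts before this hunk.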