Commit | Line | Data |
---|---|---|
ec28c761 | 1 | LoadModule ssl_module lib/apache/libssl.so |
2 | AddModule mod_ssl.c | |
d918c925 | 3 | |
4 | ##-------------------------------------------------------------------------- | |
5 | ## Add additional SSL configuration directives which provide a | |
6 | ## robust default configuration: virtual server on port 443 | |
7 | ## which speaks SSL. | |
8 | ##-------------------------------------------------------------------------- | |
9 | ## | |
10 | ## SSL Support | |
11 | ## | |
12 | ## When we also provide SSL we have to listen to the | |
13 | ## standard HTTP port (see above) and to the HTTPS port | |
14 | ## | |
15 | Listen 443 | |
16 | ||
17 | ## | |
18 | ## SSL Global Context | |
19 | ## | |
20 | ## All SSL configuration in this context applies both to | |
21 | ## the main server and all SSL-enabled virtual hosts. | |
22 | ## | |
23 | ||
24 | # | |
25 | # Some MIME-types for downloading Certificates and CRLs | |
26 | # | |
27 | AddType application/x-x509-ca-cert .crt | |
28 | AddType application/x-pkcs7-crl .crl | |
29 | ||
30 | # Pass Phrase Dialog: | |
31 | # Configure the pass phrase gathering process. | |
32 | # The filtering dialog program (`builtin' is an internal | |
33 | # terminal dialog) has to provide the pass phrase on stdout. | |
34 | SSLPassPhraseDialog builtin | |
35 | ||
36 | # Inter-Process Session Cache: | |
37 | # Configure the SSL Session Cache: First either `none' | |
38 | # or `dbm:/path/to/file' for the mechanism to use and | |
39 | # second the expiring timeout (in seconds). | |
40 | #SSLSessionCache none | |
41 | #SSLSessionCache dbm:logs/ssl_scache | |
ec28c761 | 42 | SSLSessionCache shm:/var/run/ssl_scache(512000) |
d918c925 | 43 | SSLSessionCacheTimeout 300 |
44 | ||
45 | # Semaphore: | |
46 | # Configure the path to the mutual exclusion semaphore the | |
47 | # SSL engine uses internally for inter-process synchronization. | |
ec28c761 | 48 | SSLMutex file:/var/run/ssl_mutex |
d918c925 | 49 | |
50 | # Pseudo Random Number Generator (PRNG): | |
51 | # Configure one or more sources to seed the PRNG of the | |
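52 | # SSL library. The seed data should be of good random quality; the `builtin' source on its own is weak (very little entropy at startup), so prefer a /dev/urandom source where the platform provides one. | |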
53 | SSLRandomSeed startup builtin | |
54 | SSLRandomSeed connect builtin | |
55 | #SSLRandomSeed startup file:/dev/random 512 | |
56 | #SSLRandomSeed startup file:/dev/urandom 512 | |
57 | #SSLRandomSeed connect file:/dev/random 512 | |
58 | #SSLRandomSeed connect file:/dev/urandom 512 | |
59 | ||
60 | # Logging: | |
61 | # The home of the dedicated SSL protocol logfile. Errors are | |
62 | # additionally duplicated in the general error log file. Put | |
63 | # this somewhere where it cannot be used for symlink attacks on | |
64 | # a real server (i.e. somewhere where only root can write). | |
65 | # Log levels are (ascending order: higher ones include lower ones): | |
66 | # none, error, warn, info, trace, debug. | |
ec28c761 | 67 | SSLLog /var/log/httpd/ssl_engine_log |
d918c925 | 68 | SSLLogLevel info |
69 | ||
ec28c761 | 70 | <VirtualHost _default_:443> |
71 | SSLEngine on | |
72 | #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL | |
73 | SSLCertificateFile /etc/httpd/server.crt | |
74 | SSLCertificateKeyFile /etc/httpd/server.key | |
75 | #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt | |
76 | #SSLCACertificatePath /etc/httpd/conf/ssl.crt | |
77 | #SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt | |
78 | #SSLCARevocationPath /etc/httpd/conf/ssl.crl | |
79 | #SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl | |
80 | #SSLVerifyClient require | |
81 | #SSLVerifyDepth 10 | |
82 | ||
83 | #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire | |
84 | <Files ~ "\.(cgi|shtml)$"> | |
85 | SSLOptions +StdEnvVars | |
86 | </Files> | |
87 | <Directory "/home/httpd/html/cgi-bin"> | |
88 | SSLOptions +StdEnvVars | |
89 | </Directory> | |
90 | SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown | |
91 | CustomLog /var/log/httpd/ssl_request_log \ | |
92 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
93 | ||
94 | </VirtualHost> |