X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=apache-mod_ssl.conf;h=0867c277e6694efe9e62d85c6c585862091d4c1a;hb=4d51c0eb6be1d8258f1cdc0f3f7e6a2c637e5b39;hp=7ae6746e62b91db091428b1bfbc501ce1fc82ff8;hpb=e14f7341cbda9503491b22796ce005b6a77f1c64;p=packages%2Fapache.git

diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index 7ae6746..0867c27 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -64,23 +64,22 @@ SSLMutex  file:/var/run/httpd/ssl_mutex
 ## SSL Virtual Host Context
 ##
 
-<VirtualHost _default_:443>
-
-#   General setup for the virtual host
-DocumentRoot "/home/services/httpd/html"
-ServerName www.example.com:443
-ServerAdmin you@example.com
-ErrorLog logs/error_log
-TransferLog logs/access_log
-
+NameVirtualHost *:443
+<VirtualHost *:443>
 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 
+#   Usable SSL protocol flavors:
+#   This directive can be used to control the SSL protocol flavors mod_ssl
+#   should use when establishing its server environment. Clients then can only
+#   connect with one of the provided protocols.
+SSLProtocol all -SSLv2
+
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
 
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
@@ -211,14 +210,18 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key
 #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 #   "force-response-1.0" for this.
-BrowserMatch ".*MSIE.*" \
-		 nokeepalive ssl-unclean-shutdown \
-		 downgrade-1.0 force-response-1.0
+<IfModule mod_setenvif.c>
+	BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+</IfModule>
 
 #   Per-Server Logging:
 #   The home of a custom SSL log file. Use this when you want a
 #   compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+#<IfModule mod_log_config.c>
+#	CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+#	# enable common log too, otherwise you be suprised of no access logs
+#	CustomLog logs/access_log common
+#</IfModule>
 
 </VirtualHost>