[packages/apache1-mod_ssl.git] / apache-mod_ssl.conf

LoadModule ssl_module        /usr/lib/apache/libssl.so 

##--------------------------------------------------------------------------
## Add additional SSL configuration directives which provide a
## robust default configuration: virtual server on port 443
## which speaks SSL.
##--------------------------------------------------------------------------
##
##  SSL Support
##
##  When we also provide SSL we have to listen to the 
##  standard HTTP port (see above) and to the HTTPS port
##
Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First either `none'
#   or `dbm:/path/to/file' for the mechanism to use and
#   second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCache        shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual explusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
SSLLog      logs/ssl_engine_log
SSLLogLevel info
Commit	Line	Data
759ed8ce	1	LoadModule ssl_module /usr/lib/apache/libssl.so
	2
	3	##--------------------------------------------------------------------------
	4	## Add additional SSL configuration directives which provide a
	5	## robust default configuration: virtual server on port 443
	6	## which speaks SSL.
	7	##--------------------------------------------------------------------------
	8	##
	9	## SSL Support
	10	##
	11	## When we also provide SSL we have to listen to the
	12	## standard HTTP port (see above) and to the HTTPS port
	13	##
	14	Listen 443
	15
	16	##
	17	## SSL Global Context
	18	##
	19	## All SSL configuration in this context applies both to
	20	## the main server and all SSL-enabled virtual hosts.
	21	##
	22
	23	#
	24	# Some MIME-types for downloading Certificates and CRLs
	25	#
	26	AddType application/x-x509-ca-cert .crt
	27	AddType application/x-pkcs7-crl .crl
	28
	29	# Pass Phrase Dialog:
	30	# Configure the pass phrase gathering process.
	31	# The filtering dialog program (`builtin' is a internal
	32	# terminal dialog) has to provide the pass phrase on stdout.
	33	SSLPassPhraseDialog builtin
	34
	35	# Inter-Process Session Cache:
	36	# Configure the SSL Session Cache: First either `none'
	37	# or `dbm:/path/to/file' for the mechanism to use and
	38	# second the expiring timeout (in seconds).
	39	#SSLSessionCache none
	40	#SSLSessionCache dbm:logs/ssl_scache
	41	SSLSessionCache shm:logs/ssl_scache(512000)
	42	SSLSessionCacheTimeout 300
	43
	44	# Semaphore:
	45	# Configure the path to the mutual explusion semaphore the
	46	# SSL engine uses internally for inter-process synchronization.
	47	SSLMutex file:logs/ssl_mutex
	48
	49	# Pseudo Random Number Generator (PRNG):
	50	# Configure one or more sources to seed the PRNG of the
	51	# SSL library. The seed data should be of good random quality.
	52	SSLRandomSeed startup builtin
	53	SSLRandomSeed connect builtin
	54	#SSLRandomSeed startup file:/dev/random 512
	55	#SSLRandomSeed startup file:/dev/urandom 512
	56	#SSLRandomSeed connect file:/dev/random 512
	57	#SSLRandomSeed connect file:/dev/urandom 512
	58
	59	# Logging:
	60	# The home of the dedicated SSL protocol logfile. Errors are
	61	# additionally duplicated in the general error log file. Put
	62	# this somewhere where it cannot be used for symlink attacks on
	63	# a real server (i.e. somewhere where only root can write).
	64	# Log levels are (ascending order: higher ones include lower ones):
65	# none, error, warn, info, trace, debug.
66	SSLLog logs/ssl_engine_log
67	SSLLogLevel info
68